Preface


Traditionally, mathematics has been separated into three main areas: algebra, analysis, 
and geometry. Of course, there is a great deal of overlap between these areas. In gen- 
eral, algebraic methods and symbolism pervade all of mathematics, and it is essential 
for anyone learning any advanced mathematics to be familiar with the concepts and 
methods in abstract algebra. 

This is an introductory text on abstract algebra. It grew out of courses given to ad- 
vanced undergraduate and beginning graduate students in the United States, and to 
mathematics students and teachers in Germany. We assume that the reader is famil- 
iar with calculus and with some linear algebra, primarily matrix algebra and the basic 
concepts of vector spaces, bases, and dimensions. All other necessary material is intro- 
duced and explained in the book. Our expectation is that the material in this text can be 
completed in a full year’s course. 

We present the material sequentially, so that polynomials and field extensions pre- 
cede an in-depth look at advanced topics in group theory and Galois theory. This text 
follows the new approach of conveying abstract algebra starting with rings and fields, 
rather than with groups. Our teaching experience shows that examples of groups seem 
rather abstract and require a certain formal framework and mathematical maturity that 
would distract a course from its main objectives. The idea is that the integers provide 
the most natural example of an algebraic structure that students know from school. 
A student who goes through ring theory first will attain a solid background in abstract algebra and will be able to move on to more advanced topics.

The centerpiece of our book is the development of Galois theory and its important 
applications, especially the insolvability of the quintic polynomial. After introducing the 
basic algebraic structures, groups, rings, and fields, we begin with the theory of polyno- 
mials and polynomial equations over fields. We then develop the main ideas of field 
extensions and adjoining elements to fields. Since the second edition, we include added 
material on skew field extensions of C and Frobenius’s theorem. 

After this, we present the necessary material from group theory needed to complete 
both the insolvability of the quintic polynomial and solvability by radicals in general. 
Hence, the middle part of the book, Chapters 9 through 14, is concerned with group theory, including permutation groups, solvable groups, Abelian groups, and group actions. Chapter 14 is somewhat off to the side of the main theme of the book. Here, we give
a brief introduction to free groups, group presentations, and combinatorial group the- 
ory. In this third edition, we have extended Chapter 14 to include a primer on hyperbolic 
groups. With the group theory material at hand, we return to Galois theory and study 
general normal and separable extensions, and the fundamental theorem of Galois the- 
ory. Using this approach, we present several major applications of the theory, including 
solvability by radicals and the insolvability of the quintic, the fundamental theorem of 
algebra, the construction of regular n-gons, and the famous impossibilities: squaring the 
circle, doubling the cube, and trisecting an angle. 
We continue with the theory of modules and prove the fundamental theorem for finitely generated modules over principal ideal domains. We then consider transcendental field extensions and prove Noether’s normalization theorem as preparation for algebraic geometry based on Hilbert’s basis theorem and the Nullstellensatz, and describe several applications. Since the second edition, we include a new chapter on algebras and group representations. We finish in a slightly different direction, giving an
introduction to algebraic and noncommutative group-based cryptography. In this third 
edition, we have devoted a modernized chapter to each of these topics including recent 
developments and results. 

In the bibliography, we have chosen to mention some interesting books and papers which are not used explicitly in our exposition but are very much related to the topics of the present book and could be helpful for additional reading.

We were very pleased with the response to the second edition of this book, and we 
were very happy to do a third edition. In this third edition, we have added the extensions 
mentioned above, cleaned up various typos pointed out by readers, and have incorpo- 
rated their suggestions. Here, we have to give a special thank you to Ahmad Mirzay and 
O-joung Kwon. We would also like to thank Anja Rosenberger, who helped tremendously 
with editing and LaTeX, and who made some invaluable suggestions about the contents. 
Last but not least, we thank De Gruyter for publishing our book. 


June 2024 Gerhard Rosenberger 
Annika Schirenberg 
Leonard Wienke 
1 Groups, Rings and Fields


1.1 Abstract Algebra 


Abstract algebra or modern algebra can be best described as the theory of algebraic 
structures. Briefly, an algebraic structure is a set together with one or more binary oper- 
ations on it satisfying axioms governing the operations. There are many algebraic struc- 
tures, but the most commonly studied structures are groups, rings, fields, and vector 
spaces. Also, widely used are modules and algebras. In this first chapter, we will look at 
some basic preliminaries concerning groups, rings, and fields. We will only briefly touch 
on groups here; a more extensive treatment will be done later in the book. 

Mathematics traditionally has been subdivided into three main areas—analysis, al- 
gebra, and geometry. These areas overlap in many places so that it is often difficult, for 
example, to determine whether a topic is one in geometry or in analysis. Algebra and 
algebraic methods permeate all these disciplines and most of mathematics has been al- 
gebraicized; that is, uses the methods and language of algebra. Groups, rings, and fields 
play a major role in the study of analysis, topology, geometry, and even applied mathe- 
matics. We will see these connections in examples throughout the book. 

Abstract algebra has its origins in two main areas and questions that arose in these 
areas—the theory of numbers and the theory of equations. The theory of numbers deals 
with the properties of the basic number systems—integers, rationals, and reals, whereas 
the theory of equations, as the name indicates, deals with solving equations, in partic- 
ular, polynomial equations. Both are subjects that date back to classical times. A whole 
section of Euclid’s elements is dedicated to number theory. The foundations for the mod- 
ern study of number theory were laid by Fermat in the 1600s, and then by Gauss in the 
1800s. In an attempt to prove Fermat’s Last Theorem, Gauss introduced the complex integers $a + bi$, where $a$ and $b$ are integers, and showed that this set has unique factorization.
These ideas were extended by Dedekind and Kronecker, who developed a wide ranging 
theory of algebraic number fields and algebraic integers. A large portion of the termi- 
nology used in abstract algebra, such as rings, ideals, and factorization, comes from the 
study of algebraic number fields. This has evolved into the modern discipline of alge- 
braic number theory. 

The second origin of modern abstract algebra was the problem of trying to determine a formula for finding the solutions in terms of radicals of a fifth-degree polynomial. It was proved first by Ruffini in 1800, and then by Abel, that it is impossible to find a formula in terms of radicals for such a solution. Galois, around 1830, extended this and showed that such a formula is impossible for any degree five or greater. In proving this, he laid
the groundwork for much of the development of modern abstract algebra, especially 
field theory and finite group theory. Earlier, in 1800, Gauss proved the fundamental the- 
orem of algebra, which says that any nonconstant complex polynomial equation must 
have a solution. One of the goals of this book is to present a comprehensive treatment 
of Galois theory and a proof of the results mentioned above. 
The locus of real points $(x, y)$ which satisfy a polynomial equation $f(x, y) = 0$ is
called an algebraic plane curve. Algebraic geometry deals with the study of algebraic 
plane curves and extensions to loci in a higher number of variables. Algebraic geometry 
is intricately tied to abstract algebra and especially commutative algebra. We will touch 
on this in the book also. 

Finally linear algebra, although a part of abstract algebra, arose in a somewhat dif- 
ferent context. Historically, it grew out of the study of solution sets of systems of linear 
equations and the study of the geometry of real n-dimensional spaces. It began to be 
developed formally in the early 1800s with work of Jordan and Gauss, and then later in 
the century by Cayley, Hamilton, and Sylvester. 


1.2 Rings 


The primary motivating examples for algebraic structures are the basic number systems: the integers $\mathbb{Z}$, the rational numbers $\mathbb{Q}$, the real numbers $\mathbb{R}$, and the complex numbers $\mathbb{C}$. Each of these has two basic operations, addition and multiplication, and forms what is called a ring. We formally define this.


Definition 1.2.1. A ring is a set $R$ with two binary operations defined on it: addition, denoted by $+$, and multiplication, denoted by $\cdot$, or just by juxtaposition, satisfying the following six axioms:

(1) Addition is commutative: $a + b = b + a$ for each pair $a, b$ in $R$.

(2) Addition is associative: $a + (b + c) = (a + b) + c$ for $a, b, c \in R$.

(3) There exists an additive identity, denoted by $0$, such that $a + 0 = a$ for each $a \in R$.

(4) For each $a \in R$, there exists an additive inverse, denoted by $-a$, such that $a + (-a) = 0$.

(5) Multiplication is associative: $a(bc) = (ab)c$ for $a, b, c \in R$.

(6) Multiplication is left and right distributive over addition: $a(b + c) = ab + ac$ and $(b + c)a = ba + ca$ for $a, b, c \in R$.


The ring $R$ is commutative if

(7) Multiplication is commutative: $ab = ba$ for $a, b$ in $R$.


We call $R$ a ring with identity if

(8) There exists a multiplicative identity, denoted by $1$, such that $a \cdot 1 = a$ and $1 \cdot a = a$ for each $a$ in $R$.


If $R$ satisfies (1) through (8), then $R$ is a commutative ring with identity.


A set $G$ with one operation, $+$, on it satisfying axioms (1) through (4) is called an Abelian group. We will discuss these further later in the chapter.

The number systems $\mathbb{Z}, \mathbb{Q}, \mathbb{R}, \mathbb{C}$ are commutative rings with identity.

A ring $R$ with only one element is called trivial. A ring $R$ with identity is trivial if and only if $0 = 1$. A finite ring is a ring $R$ with only finitely many elements in it. Otherwise, $R$ is an infinite ring. $\mathbb{Z}, \mathbb{Q}, \mathbb{R}, \mathbb{C}$ are all infinite rings. Examples of finite rings are given by the integers modulo $n$, $\mathbb{Z}_n$, with $n > 1$. The ring $\mathbb{Z}_n$ consists of the elements $0, 1, 2, \ldots, n-1$ with addition and multiplication done modulo $n$. That is, for example, $4 \cdot 3 = 12 = 2$ modulo $5$. Hence, in $\mathbb{Z}_5$, we have $4 \cdot 3 = 2$. The rings $\mathbb{Z}_n$ are all finite commutative rings with identity.

To give examples of rings without an identity, consider the set $n\mathbb{Z} = \{nz : z \in \mathbb{Z}\}$ consisting of all multiples of the fixed integer $n$. It is an easy verification (see exercises) that this forms a ring under the same addition and multiplication as in $\mathbb{Z}$, but that there is no identity for multiplication. Hence, for each $n \in \mathbb{Z}$ with $n > 1$, we get an infinite commutative ring without an identity.

To obtain examples of noncommutative rings, we consider matrices. Let $M(2, \mathbb{Z})$ be the set of $(2 \times 2)$-matrices with integral entries. Addition of matrices is done componentwise; that is,
$$\begin{pmatrix} a_1 & b_1 \\ c_1 & d_1 \end{pmatrix} + \begin{pmatrix} a_2 & b_2 \\ c_2 & d_2 \end{pmatrix} = \begin{pmatrix} a_1 + a_2 & b_1 + b_2 \\ c_1 + c_2 & d_1 + d_2 \end{pmatrix},$$
whereas multiplication is matrix multiplication
$$\begin{pmatrix} a_1 & b_1 \\ c_1 & d_1 \end{pmatrix} \cdot \begin{pmatrix} a_2 & b_2 \\ c_2 & d_2 \end{pmatrix} = \begin{pmatrix} a_1 a_2 + b_1 c_2 & a_1 b_2 + b_1 d_2 \\ c_1 a_2 + d_1 c_2 & c_1 b_2 + d_1 d_2 \end{pmatrix}.$$
Then again, it is an easy verification (see exercises) that $M(2, \mathbb{Z})$ forms a ring. Further, since matrix multiplication is noncommutative, this forms a noncommutative ring. However, the identity matrix does form a multiplicative identity for it. $M(2, n\mathbb{Z})$ with $n > 1$ provides an example of an infinite noncommutative ring without an identity. Finally, $M(2, \mathbb{Z}_n)$ for $n > 1$ will give an example of a finite noncommutative ring.
1.3 Integral Domains and Fields


Our basic number systems have the property that if $ab = 0$, then either $a = 0$ or $b = 0$. However, this is not necessarily true in the modular rings. For example, $2 \cdot 3 = 0$ in $\mathbb{Z}_6$.


Definition 1.3.1. A zero divisor in a ring $R$ is an element $a \in R$ with $a \neq 0$ such that there exists an element $b \neq 0$ with $ab = 0$. A commutative ring with an identity $1 \neq 0$ and with no zero divisors is called an integral domain.


Notice that having no zero divisors is equivalent to the fact that if $ab = 0$ in $R$, then either $a = 0$ or $b = 0$.

Hence, $\mathbb{Z}, \mathbb{Q}, \mathbb{R}, \mathbb{C}$ are all integral domains, but from the example above, $\mathbb{Z}_6$ is not. In general, we have the following:


Theorem 1.3.2. $\mathbb{Z}_n$ is an integral domain if and only if $n$ is a prime.

Proof. First of all, notice that modulo $n$, an integer $m$ is $0$ if and only if $n$ divides $m$. We will make this precise shortly. Recall further Euclid’s lemma (see Chapter 2), which says that if a prime $p$ divides a product $ab$, then $p$ divides $a$, or $p$ divides $b$.

Now suppose that $n$ is a prime and $ab = 0$ in $\mathbb{Z}_n$. Then $n$ divides $ab$. From Euclid’s lemma it follows that $n$ divides $a$, or $n$ divides $b$. In the first case, $a = 0$ in $\mathbb{Z}_n$, whereas in the second, $b = 0$ in $\mathbb{Z}_n$. It follows that there are no zero divisors in $\mathbb{Z}_n$, and since $\mathbb{Z}_n$ is a commutative ring with an identity, it is an integral domain.

Conversely, suppose $\mathbb{Z}_n$ is an integral domain. Suppose that $n$ is not prime. Then $n = ab$ with $1 < a < n$, $1 < b < n$. It follows that $ab = 0$ in $\mathbb{Z}_n$ with neither $a$ nor $b$ being zero. Therefore, they are zero divisors, which is a contradiction. Hence, $n$ must be prime.


In $\mathbb{Q}$, every nonzero element has a multiplicative inverse. This is not true in $\mathbb{Z}$, where only the elements $-1, 1$ have multiplicative inverses within $\mathbb{Z}$.


Definition 1.3.3. A unit in a ring $R$ with identity $1 \neq 0$ is an element $a \in R$ which has a multiplicative inverse; that is, an element $b \in R$ such that $ab = ba = 1$. If $a$ is a unit in $R$, we denote its inverse by $a^{-1}$. We denote the set of units of $R$ by $R^*$.


Hence, every nonzero element of $\mathbb{Q}$ and of $\mathbb{R}$ and of $\mathbb{C}$ is a unit, but in $\mathbb{Z}$, the only units are $\pm 1$. In $M(2, \mathbb{R})$, the units are precisely those matrices that have nonzero determinant, whereas in $M(2, \mathbb{Z})$, the units are those integral matrices that have determinant $\pm 1$.


Definition 1.3.4. A field $K$ is a commutative ring with an identity $1 \neq 0$, where every nonzero element is a unit.


Hence, a field $K$ always contains at least two elements, a zero element $0$ and an identity $1 \neq 0$.

The rationals $\mathbb{Q}$, the reals $\mathbb{R}$, and the complexes $\mathbb{C}$ are all fields. If we relax the commutativity requirement and just require that in the ring $R$ with identity each nonzero element is a unit, then we get a skew field or division ring.


Lemma 1.3.5. If $K$ is a field, then $K$ is an integral domain.


Proof. Since a field $K$ is already a commutative ring with an identity $1 \neq 0$, we must only show that there are no zero divisors in $K$.

Suppose that $ab = 0$ with $a \neq 0$. Since $K$ is a field and $a$ is nonzero, it has an inverse $a^{-1}$. Hence,
$$a^{-1}(ab) = a^{-1} 0 = 0 \implies (a^{-1} a) b = 0 \implies b = 0.$$
Therefore, $K$ has no zero divisors and must be an integral domain.


Recall that $\mathbb{Z}_n$ was an integral domain only when $n$ was a prime. This turns out to also be necessary and sufficient for $\mathbb{Z}_n$ to be a field.

Theorem 1.3.6. $\mathbb{Z}_n$ is a field if and only if $n$ is a prime.


Proof. First suppose that $\mathbb{Z}_n$ is a field. Then from Lemma 1.3.5, it is an integral domain. Therefore, from Theorem 1.3.2, $n$ must be a prime.

Conversely, suppose that $n$ is a prime. We must show that $\mathbb{Z}_n$ is a field. Since we already know that $\mathbb{Z}_n$ is an integral domain, we must only show that each nonzero element of $\mathbb{Z}_n$ is a unit. Here, we need some elementary facts from number theory. If $a, b$ are integers, we use the notation $a \mid b$ to indicate that $a$ divides $b$.

Recall that given nonzero integers $a, b$, their greatest common divisor or GCD $d > 0$ is a positive integer which is a common divisor, that is, $d \mid a$ and $d \mid b$, and such that if $d_1$ is any other common divisor, then $d_1 \mid d$. We denote the greatest common divisor of $a, b$ by either $\gcd(a, b)$ or $(a, b)$. It can be proved that given nonzero integers $a, b$, their GCD exists, is unique, and can be characterized as the least positive linear combination of $a$ and $b$. If the GCD of $a$ and $b$ is $1$, then we say that $a$ and $b$ are relatively prime or coprime. This is equivalent to being able to express $1$ as a linear combination of $a$ and $b$ (see Chapter 3 for proofs and more details).

Now let $a \in \mathbb{Z}_n$ with $n$ prime and $a \neq 0$. Since $a \neq 0$, we have that $n$ does not divide $a$. Since $n$ is prime, it follows that $a$ and $n$ must be relatively prime, $(a, n) = 1$. From the number theoretic remarks above, we then have that there exist integers $x, y$ with
$$ax + ny = 1.$$
However, in $\mathbb{Z}_n$, the element $ny = 0$. Therefore, in $\mathbb{Z}_n$, we have
$$ax = 1.$$
Therefore, $a$ has a multiplicative inverse in $\mathbb{Z}_n$ and is, hence, a unit. Since $a$ was an arbitrary nonzero element, we conclude that $\mathbb{Z}_n$ is a field.


The theorem above is actually a special case of a more general result from which Theorem 1.3.6 could also be obtained.


Theorem 1.3.7. Each finite integral domain is a field.


Proof. Let $K$ be a finite integral domain. We must show that $K$ is a field. It is clearly sufficient to show that each nonzero element of $K$ is a unit. Let
$$\{0, 1, r_1, \ldots, r_n\}$$
be the elements of $K$. Let $r_i$ be a fixed nonzero element and multiply each element of $K$ by $r_i$ on the left. Now
$$\text{if } r_i r_j = r_i r_k, \text{ then } r_i (r_j - r_k) = 0.$$
Since $r_i \neq 0$ and $K$ has no zero divisors, it follows that $r_j - r_k = 0$, or $r_j = r_k$. Therefore, all the products $r_i r_j$ are distinct. Hence,
$$K = \{0, 1, r_1, \ldots, r_n\} = r_i K = \{0, r_i, r_i r_1, \ldots, r_i r_n\}.$$
Therefore, the identity element $1$ must be in the right-hand list; that is, there is an $r_j$ such that $r_i r_j = 1$. Therefore, $r_i$ has a multiplicative inverse and is, hence, a unit. Therefore, $K$ is a field.
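The three theorems above reduce to a computation with the extended Euclidean algorithm. The following Python script, added here as an illustration and not part of the book, carries it out: it finds the inverse of a unit in $\mathbb{Z}_n$ from a representation $ax + ny = 1$ as in the proof of Theorem 1.3.6, lists the units and the zero divisors of $\mathbb{Z}_n$, checks Theorems 1.3.2 and 1.3.6 against a primality test for small $n$, and checks the counting argument of Theorem 1.3.7, namely that $x \mapsto ax$ permutes $\mathbb{Z}_n$ exactly when $a$ is a unit. The same inverse computation produces the private exponent $d = e^{-1} \bmod \varphi(N)$ in RSA key generation, which is one reason a correct extended Euclid is worth having at hand. All function names are the example's own.

```python
"""Units, zero divisors and inverses in Z_n, as in Theorems 1.3.2, 1.3.6 and 1.3.7.

Added example, not from the book. Elements of Z_n are the Python integers
0, ..., n-1 with arithmetic reduced modulo n.
"""
from math import gcd


def extended_gcd(a, b):
    """Return (d, x, y) with d = gcd(a, b) >= 0 and a*x + b*y = d.

    This is the 'least positive linear combination' of the text, computed
    by running Euclid's algorithm and tracking the coefficients.
    """
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:  # normalise so that d is nonnegative
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def inverse_mod(a, n):
    """The inverse of a in Z_n, or None if a is not a unit.

    If gcd(a, n) = 1 then a*x + n*y = 1 and, since n*y = 0 in Z_n, a*x = 1
    in Z_n; this is the step in the proof of Theorem 1.3.6.
    """
    d, x, _ = extended_gcd(a % n, n)
    if d != 1:
        return None
    return x % n


def units(n):
    """Z_n^*, the units of Z_n, as a sorted list."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def zero_divisors(n):
    """Nonzero a for which some nonzero b has a*b = 0 in Z_n."""
    return [a for a in range(1, n) if any((a * b) % n == 0 for b in range(1, n))]


def is_integral_domain(n):
    """Z_n has no zero divisors (and 1 != 0, i.e. n > 1)."""
    return n > 1 and not zero_divisors(n)


def is_field(n):
    """Every nonzero element of Z_n is a unit."""
    return n > 1 and len(units(n)) == n - 1


def multiplication_by_is_permutation(a, n):
    """The counting step of Theorem 1.3.7: x -> a*x is injective on the finite
    set Z_n, hence a bijection, exactly when a is not a zero divisor."""
    return len({(a * x) % n for x in range(n)}) == n


def is_prime(n):
    """Trial-division primality test, adequate for the small n checked here."""
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


if __name__ == "__main__":
    for n in (6, 7, 12, 13):
        print(f"Z_{n}: units {units(n)}, zero divisors {zero_divisors(n)}, "
              f"domain={is_integral_domain(n)}, field={is_field(n)}")
    print("3^-1 in Z_7 =", inverse_mod(3, 7), "; 4^-1 in Z_6 =", inverse_mod(4, 6))
```

The permutation check is the sharpest of the three tests: for a unit $a$, the row of $a$ in the multiplication table of $\mathbb{Z}_n$ is a permutation of $0, \ldots, n-1$, which is exactly why the identity $1$ must occur in it, whereas the row of a zero divisor contains repeated entries and misses $1$.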


1.4 Subrings and Ideals 


A very important concept in algebra is that of a substructure, that is, a subset having the same structure as the superset.


Definition 1.4.1. A subring of a ring $R$ is a nonempty subset $S$ that is also a ring under the same operations as $R$. If $R$ is a field and $S$ is also a field, then $S$ is a subfield.


If $S \subseteq R$, then $S$ satisfies the same basic axioms, associativity and commutativity of addition, for example. Therefore, $S$ will be a subring if it is nonempty and closed under the operations; that is, closed under addition, multiplication, and taking additive inverses.


Lemma 1.4.2. A subset $S$ of a ring $R$ is a subring if and only if $S$ is nonempty, and whenever $a, b \in S$, we have $a + b \in S$, $a - b \in S$, and $ab \in S$.


Example 1.4.3. Show that if $n > 1$, the set $n\mathbb{Z}$ is a subring of $\mathbb{Z}$. Here, clearly $n\mathbb{Z}$ is nonempty. Suppose $a = nz_1$, $b = nz_2$ are two elements of $n\mathbb{Z}$. Then
$$a + b = nz_1 + nz_2 = n(z_1 + z_2) \in n\mathbb{Z},$$
$$a - b = nz_1 - nz_2 = n(z_1 - z_2) \in n\mathbb{Z},$$
$$ab = nz_1 \cdot nz_2 = n(nz_1 z_2) \in n\mathbb{Z}.$$
Therefore, $n\mathbb{Z}$ is a subring.


Example 1.4.4. Show that the set of real numbers of the form
$$S = \{u + v\sqrt{2} : u, v \in \mathbb{Q}\}$$
is a subring of $\mathbb{R}$. Here, $1 + \sqrt{2} \in S$; therefore, $S$ is nonempty. Suppose $a = u_1 + v_1\sqrt{2}$, $b = u_2 + v_2\sqrt{2}$ are two elements of $S$. Then
$$a + b = (u_1 + v_1\sqrt{2}) + (u_2 + v_2\sqrt{2}) = (u_1 + u_2) + (v_1 + v_2)\sqrt{2} \in S,$$
$$a - b = (u_1 + v_1\sqrt{2}) - (u_2 + v_2\sqrt{2}) = (u_1 - u_2) + (v_1 - v_2)\sqrt{2} \in S,$$
$$a \cdot b = (u_1 + v_1\sqrt{2}) \cdot (u_2 + v_2\sqrt{2}) = (u_1 u_2 + 2 v_1 v_2) + (u_1 v_2 + v_1 u_2)\sqrt{2} \in S.$$
Therefore, $S$ is a subring.

In fact, $S$ is a field because
$$\frac{1}{u + v\sqrt{2}} = \frac{u - v\sqrt{2}}{u^2 - 2v^2} \in S \quad \text{if } (u, v) \neq (0, 0),$$
where $u^2 - 2v^2 \neq 0$ because $\sqrt{2}$ is irrational. In the following, we are especially interested in special types of subrings called ideals.
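As an added illustration of Lemma 1.4.2 and Example 1.4.4 (example code, not from the book), the Python below represents elements of $S = \{u + v\sqrt{2} : u, v \in \mathbb{Q}\}$ exactly as pairs of rationals, implements the multiplication and inverse formulas just derived, and runs the closure test of Lemma 1.4.2 over a finite sample of elements against a membership predicate. It goes slightly beyond the text by contrasting two subsets of $S$: $\{u + v\sqrt{2} : u, v \in \mathbb{Z}\}$ passes the closure test and is a subring but not a subfield (the inverse of $2$ leaves it), while the set with $v$ odd fails the test. A finite sample can only refute closure; the proof for all of $S$ is the computation in Example 1.4.4. The class and function names are the example's own.

```python
"""Lemma 1.4.2 applied to subsets of S = {u + v*sqrt(2) : u, v in Q}.

Added example, not from the book. Elements are exact pairs of Fractions,
so closure and the inverse formula of Example 1.4.4 are checked exactly.
"""
from fractions import Fraction
from itertools import product


class QSqrt2:
    """The real number u + v*sqrt(2) with u, v rational, stored exactly."""

    def __init__(self, u, v=0):
        self.u, self.v = Fraction(u), Fraction(v)

    def __eq__(self, other):
        return (self.u, self.v) == (other.u, other.v)

    def __add__(self, o):
        return QSqrt2(self.u + o.u, self.v + o.v)

    def __sub__(self, o):
        return QSqrt2(self.u - o.u, self.v - o.v)

    def __mul__(self, o):
        # (u1 + v1 r)(u2 + v2 r) = (u1 u2 + 2 v1 v2) + (u1 v2 + v1 u2) r, with r^2 = 2
        return QSqrt2(self.u * o.u + 2 * self.v * o.v, self.u * o.v + self.v * o.u)

    def inverse(self):
        # 1/(u + v r) = (u - v r)/(u^2 - 2 v^2); the denominator is nonzero for
        # (u, v) != (0, 0) because sqrt(2) is irrational.
        norm = self.u ** 2 - 2 * self.v ** 2
        if norm == 0:
            raise ZeroDivisionError("0 has no inverse in S")
        return QSqrt2(self.u / norm, -self.v / norm)

    def __repr__(self):
        return f"({self.u}) + ({self.v})*sqrt(2)"


ONE = QSqrt2(1)


def closed_under_ring_ops(sample, member):
    """Finite version of the subring test of Lemma 1.4.2.

    Returns True when the sample is nonempty and every a+b, a-b and a*b of
    sample elements satisfies the membership predicate. A False result
    refutes closure; a True result is only evidence for it.
    """
    if not sample:
        return False
    return all(member(x) for a, b in product(sample, repeat=2)
               for x in (a + b, a - b, a * b))


def in_Z_sqrt2(x):
    """Membership in {u + v*sqrt(2) : u, v in Z}, a subring of S."""
    return x.u.denominator == 1 and x.v.denominator == 1


def in_odd_v(x):
    """Membership in {u + v*sqrt(2) : u, v in Z, v odd}, which is not a subring."""
    return in_Z_sqrt2(x) and x.v % 2 == 1


def is_unit_in_Z_sqrt2(x):
    """x in Z[sqrt(2)] is a unit there iff its inverse in S keeps integer coordinates."""
    return in_Z_sqrt2(x) and in_Z_sqrt2(x.inverse())


# Constructed sample points; any finite sample suffices for a refutation.
INTEGER_SAMPLE = [QSqrt2(1, 1), QSqrt2(3, -2), QSqrt2(0, 1), QSqrt2(-5, 4)]
ODD_SAMPLE = [QSqrt2(0, 1), QSqrt2(1, 3), QSqrt2(-2, -1)]


if __name__ == "__main__":
    a = QSqrt2(3, -2)
    print(a, "has inverse", a.inverse(), "in S")
    print("Z[sqrt 2] sample closed:", closed_under_ring_ops(INTEGER_SAMPLE, in_Z_sqrt2))
    print("odd-v sample closed:", closed_under_ring_ops(ODD_SAMPLE, in_odd_v))
    print("2 is a unit in Z[sqrt 2]:", is_unit_in_Z_sqrt2(QSqrt2(2)))
```

The odd-$v$ set fails already at $(\sqrt{2})^2 = 2$, whose $\sqrt{2}$-coefficient is $0$; the integer set survives every sampled operation, but only the inverse formula decides whether a given element is a unit there.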


Definition 1.4.5. Let $R$ be a ring and $I \subseteq R$. Then $I$ is a (two-sided) ideal if the following properties hold:

(1) $I$ is nonempty.

(2) If $a, b \in I$, then $a + b \in I$.

(3) If $a \in I$ and $r$ is any element of $R$, then $ra \in I$ and $ar \in I$.


We denote the fact that $I$ forms an ideal in $R$ by $I \lhd R$.


Notice that if $a, b \in I$, then from (3), we have $ab \in I$ and $ba \in I$ (and if $R$ has an identity, also $-a = (-1)a \in I$). Hence, $I$ forms a subring; that is, each ideal is also a subring. The set $\{0\}$ and the whole ring $R$ are trivial ideals of $R$.

If we assume in (3) only $ra \in I$, then $I$ is called a left ideal. Analogously, we define a right ideal.


Lemma 1.4.6. Let $R$ be a commutative ring and $a \in R$. Then the set
$$(a) = aR = \{ar : r \in R\}$$
is an ideal of $R$. This ideal is called the principal ideal generated by $a$.


Proof. We must verify the three properties of the definition. Since $a \in R$, we have that $aR$ is nonempty. If $u = ar_1$, $v = ar_2$ are two elements of $aR$, then
$$u + v = ar_1 + ar_2 = a(r_1 + r_2) \in aR.$$
Therefore, (2) is satisfied. Finally, let $u = ar_1 \in aR$ and $r \in R$. Then, using commutativity,
$$ru = r(ar_1) = a(rr_1) \in aR, \quad \text{and} \quad ur = (ar_1)r = a(r_1 r) \in aR,$$
so (3) is satisfied as well, and $aR$ is an ideal.

Note that $a \in (a)$ if $R$ has an identity, since then $a = a \cdot 1$.

Notice that if $n \in \mathbb{Z}$, then the principal ideal generated by $n$ is precisely the ring $n\mathbb{Z}$, which we have already examined. Hence, for each $n > 1$, the subring $n\mathbb{Z}$ is actually an ideal. We can show more.


Theorem 1.4.7. Any subring of $\mathbb{Z}$ is of the form $n\mathbb{Z}$ for some $n$. Hence, each subring of $\mathbb{Z}$ is actually a principal ideal.


Proof. Let $S$ be a subring of $\mathbb{Z}$. If $S = \{0\}$, then $S = 0\mathbb{Z}$, so we may assume that $S$ has nonzero elements. Since $S$ is a subring, if it has nonzero elements, it must have positive elements (since it contains the additive inverse of any of its elements).

Let $S^+$ be the set of positive elements in $S$. From the remarks above, this is a nonempty set, and so there must be a least positive element $n$. We claim that $S = n\mathbb{Z}$. Let $m$ be a positive element in $S$. By the division algorithm
$$m = qn + r,$$
where $0 \le r < n$ (see Chapter 3). Suppose that $r \neq 0$. Then
$$r = m - qn.$$
Now $m \in S$ and $n \in S$. Since $S$ is a subring, it is closed under addition, so that $qn \in S$. But $S$ is a subring; therefore, $m - qn \in S$. It follows that $r \in S$. But this is a contradiction, since $0 < r < n$ and $n$ was the least positive element in $S$. Therefore, $r = 0$, and $m = qn$. Hence, each positive element in $S$ is a multiple of $n$.

Now let $m$ be a negative element of $S$. Then $-m \in S$, and $-m$ is positive. Hence, $-m = qn$, and thus $m = (-q)n$. Therefore, every element of $S$ is a multiple of $n$, and so $S = n\mathbb{Z}$. It follows that every subring of $\mathbb{Z}$ is of this form and, therefore, every subring of $\mathbb{Z}$ is an ideal.


We mention that this holds in $\mathbb{Z}$ but is not true in general. For example, $\mathbb{Z}$ is a subring of $\mathbb{Q}$, but not an ideal. An extension of the proof of Lemma 1.4.6 gives the following. We leave the proof as an exercise.


Lemma 1.4.8. Let $R$ be a commutative ring and $a_1, \ldots, a_n \in R$ be a finite set of elements in $R$. Then the set
$$(a_1, \ldots, a_n) = \{r_1 a_1 + r_2 a_2 + \cdots + r_n a_n : r_i \in R\}$$
is an ideal of $R$.


This ideal is called the ideal generated by $a_1, \ldots, a_n$. Note that $a_1, \ldots, a_n$ are in $(a_1, \ldots, a_n)$ if $R$ has an identity.


Theorem 1.4.9. Let $R$ be a commutative ring with an identity $1 \neq 0$. Then $R$ is a field if and only if the only ideals in $R$ are $\{0\}$ and $R$.


Proof. Suppose that $R$ is a field and $I \lhd R$ is an ideal. We must show that either $I = \{0\}$ or $I = R$. Suppose that $I \neq \{0\}$; then we must show that $I = R$.

Since $I \neq \{0\}$, there exists an element $a \in I$ with $a \neq 0$. Since $R$ is a field, this element $a$ has an inverse $a^{-1}$. Since $I$ is an ideal, it follows that $a^{-1}a = 1 \in I$. Let $r \in R$; then, since $1 \in I$, we have $r \cdot 1 = r \in I$. Hence, $R \subseteq I$ and, therefore, $R = I$.

Conversely, suppose that $R$ is a commutative ring with an identity, whose only ideals are $\{0\}$ and $R$. We must show that $R$ is a field, or equivalently, that every nonzero element of $R$ has a multiplicative inverse.

Let $a \in R$ with $a \neq 0$. Since $R$ is commutative, the principal ideal $aR$ is an ideal of $R$ by Lemma 1.4.6, and since $R$ has an identity, $a = a \cdot 1 \in aR$, so $aR \neq \{0\}$. Hence, $aR = R$. Therefore, the multiplicative identity $1 \in aR$. It follows that there exists an $r \in R$ with $ar = 1$. Hence, $a$ has a multiplicative inverse, and $R$ must be a field.


1.5 Factor Rings and Ring Homomorphisms 


Given an ideal $I$ in a ring $R$, we can build a new ring called the factor ring or quotient ring of $R$ modulo $I$. The special condition on the subring $I$, that $rI \subseteq I$ and $Ir \subseteq I$ for all $r \in R$, which makes it an ideal, is specifically what allows this construction to be a ring.


Definition 1.5.1. Let $I$ be an ideal in a ring $R$. Then a coset of $I$ is a subset of $R$ of the form
$$r + I = \{r + i : i \in I\}$$
with $r$ a fixed element of $R$.


Lemma 1.5.2. Let $I$ be an ideal in a ring $R$. Then the cosets of $I$ partition $R$; that is, any two cosets either coincide or are disjoint.


We leave the proof to the exercises. Now, on the set of all cosets of an ideal, we will 
build a new ring. 


Theorem 1.5.3. Let $I$ be an ideal in a ring $R$. Let $R/I = \{r + I : r \in R\}$ be the set of all cosets of $I$ in $R$. We define addition and multiplication on $R/I$ in the following manner:
$$(r_1 + I) + (r_2 + I) = (r_1 + r_2) + I,$$
$$(r_1 + I) \cdot (r_2 + I) = (r_1 \cdot r_2) + I.$$
Then $R/I$ forms a ring called the factor ring of $R$ modulo $I$. The zero element of $R/I$ is $0 + I$, and the additive inverse of $r + I$ is $-r + I$. Further, if $R$ is commutative, then $R/I$ is commutative, and if $R$ has an identity, then $R/I$ has an identity $1 + I$.


Proof. The proof that $R/I$ satisfies the ring axioms under the definitions above is straightforward. For example,
$$(r_1 + I) + (r_2 + I) = (r_1 + r_2) + I = (r_2 + r_1) + I = (r_2 + I) + (r_1 + I),$$
and so addition is commutative. What must be shown is that both addition and multiplication are well defined. That is, if
$$r_1 + I = r_1' + I \quad \text{and} \quad r_2 + I = r_2' + I,$$
then
$$(r_1 + I) + (r_2 + I) = (r_1' + I) + (r_2' + I),$$
and
$$(r_1 + I) \cdot (r_2 + I) = (r_1' + I) \cdot (r_2' + I).$$

Now if $r_1 + I = r_1' + I$, then $r_1 \in r_1' + I$, and so $r_1 = r_1' + i_1$ for some $i_1 \in I$. Similarly, if $r_2 + I = r_2' + I$, then $r_2 \in r_2' + I$, and so $r_2 = r_2' + i_2$ for some $i_2 \in I$. Then
$$(r_1 + I) + (r_2 + I) = (r_1' + i_1 + r_2' + i_2) + I = (r_1' + r_2') + I = (r_1' + I) + (r_2' + I),$$
since $i_1 + I = I$ and $i_2 + I = I$. Similarly,
$$(r_1 + I) \cdot (r_2 + I) = \big((r_1' + i_1)(r_2' + i_2)\big) + I = (r_1' r_2' + r_1' i_2 + i_1 r_2' + i_1 i_2) + I = (r_1' r_2') + I,$$
since all the other products are in the ideal $I$: $r_1' i_2 \in I$ and $i_1 r_2' \in I$ by property (3) of a two-sided ideal, and $i_1 i_2 \in I$ since $I$ is a subring. This shows that addition and multiplication are well defined. It also shows why the ideal property is necessary.


As an example, let $R$ be the integers $\mathbb{Z}$. As we have seen, each subring is an ideal and of the form $n\mathbb{Z}$ for some natural number $n$. The factor ring $\mathbb{Z}/n\mathbb{Z}$ is called the residue class ring modulo $n$, denoted $\mathbb{Z}_n$. Notice that we can take as cosets
$$0 + n\mathbb{Z},\ 1 + n\mathbb{Z},\ \ldots,\ (n-1) + n\mathbb{Z}.$$
Addition and multiplication of cosets is then just addition and multiplication modulo $n$. As we can see, this is just a formalization of the ring $\mathbb{Z}_n$, which we have already looked at. Recall that $\mathbb{Z}_n$ is an integral domain if and only if $n$ is prime, and $\mathbb{Z}_n$ is a field for precisely the same $n$. If $n = 0$, then $\mathbb{Z}/n\mathbb{Z}$ is the same as $\mathbb{Z}$.

We now show that ideals and factor rings are closely related to certain mappings 
between rings. 


Definition 1.5.4. Let $R$ and $S$ be rings. Then a mapping $f : R \to S$ is a ring homomorphism if
$$f(r_1 + r_2) = f(r_1) + f(r_2) \quad \text{for any } r_1, r_2 \in R,$$
$$f(r_1 \cdot r_2) = f(r_1) \cdot f(r_2) \quad \text{for any } r_1, r_2 \in R.$$

In addition,

(1) $f$ is a monomorphism if it is injective.

(2) $f$ is an epimorphism if it is surjective.

(3) $f$ is an isomorphism if it is bijective; that is, both surjective and injective. In this case, $R$ and $S$ are said to be isomorphic rings, which we denote by $R \cong S$.

(4) $f$ is an endomorphism if $R = S$; that is, a ring homomorphism from a ring to itself.

(5) $f$ is an automorphism if $R = S$ and $f$ is an isomorphism.


Lemma 1.5.5. Let $R$ and $S$ be rings, and let $f : R \to S$ be a ring homomorphism. Then

(1) $f(0) = 0$, where the first and second $0$ are the zero elements of $R$ and $S$, respectively.

(2) $f(-r) = -f(r)$ for any $r \in R$.

Proof. We obtain $f(0) = 0$ from the equation $f(0) = f(0 + 0) = f(0) + f(0)$ by adding $-f(0)$ to both sides. Hence, $0 = f(0) = f(r - r) = f(r + (-r)) = f(r) + f(-r)$; that is, $f(-r) = -f(r)$.


Definition 1.5.6. Let $R$ and $S$ be rings, and let $f : R \to S$ be a ring homomorphism. Then the kernel of $f$ is
$$\ker(f) = \{r \in R : f(r) = 0\}.$$
The image of $f$, denoted $\operatorname{im}(f)$, is the range of $f$ within $S$. That is,
$$\operatorname{im}(f) = \{s \in S : \text{there exists } r \in R \text{ with } f(r) = s\}.$$


Theorem 1.5.7 (Ring isomorphism theorem). Let $R$ and $S$ be rings, and let
$$f : R \to S$$
be a ring homomorphism. Then

(1) $\ker(f)$ is an ideal in $R$, $\operatorname{im}(f)$ is a subring of $S$, and
$$R/\ker(f) \cong \operatorname{im}(f).$$

(2) Conversely, suppose that $I$ is an ideal in a ring $R$. Then the map $f : R \to R/I$, given by $f(r) = r + I$ for $r \in R$, is a ring homomorphism whose kernel is $I$ and whose image is $R/I$.


The theorem says that the concepts of ideal of a ring and kernel of a ring homomorphism coincide; that is, each ideal is the kernel of a homomorphism, and the kernel of each ring homomorphism is an ideal.


Proof. If $s_1, s_2 \in \operatorname{im}(f)$, then there exist $r_1, r_2 \in R$ such that $f(r_1) = s_1$ and $f(r_2) = s_2$. Then $s_1 + s_2 = f(r_1 + r_2)$, $s_1 - s_2 = f(r_1 - r_2)$, and $s_1 s_2 = f(r_1 r_2)$ all lie in $\operatorname{im}(f)$ by Definition 1.5.4 and Lemma 1.5.5, so $\operatorname{im}(f)$ is a subring of $S$ by Lemma 1.4.2. Now, let $I = \ker(f)$. We show first that $I$ is an ideal. If $r_1, r_2 \in I$, then $f(r_1) = f(r_2) = 0$. It follows from the homomorphism property that
$$f(r_1 \pm r_2) = f(r_1) \pm f(r_2) = 0 \pm 0 = 0,$$
$$f(r_1 \cdot r_2) = f(r_1) \cdot f(r_2) = 0 \cdot 0 = 0.$$
Therefore, $I$ is a subring. Now let $i \in I$ and $r \in R$. Then
$$f(r \cdot i) = f(r) \cdot f(i) = f(r) \cdot 0 = 0 \quad \text{and} \quad f(i \cdot r) = f(i) \cdot f(r) = 0 \cdot f(r) = 0,$$
and, hence, $I$ is an ideal.

Consider the factor ring $R/I$. Let $f^* : R/I \to \operatorname{im}(f)$ be given by $f^*(r + I) = f(r)$. We show that $f^*$ is an isomorphism.

First, we show that it is well defined. Suppose $r_1 + I = r_2 + I$; then $r_1 - r_2 \in I = \ker(f)$. It follows that $f(r_1 - r_2) = 0$, so $f(r_1) = f(r_2)$. Hence, $f^*(r_1 + I) = f^*(r_2 + I)$, and the map $f^*$ is well defined.

Now
$$f^*\big((r_1 + I) + (r_2 + I)\big) = f^*\big((r_1 + r_2) + I\big) = f(r_1 + r_2) = f(r_1) + f(r_2) = f^*(r_1 + I) + f^*(r_2 + I),$$
and
$$f^*\big((r_1 + I) \cdot (r_2 + I)\big) = f^*\big((r_1 r_2) + I\big) = f(r_1 r_2) = f(r_1) f(r_2) = f^*(r_1 + I) f^*(r_2 + I).$$
Hence, $f^*$ is a homomorphism. We must now show that it is injective and surjective.

Suppose that $f^*(r_1 + I) = f^*(r_2 + I)$. Then $f(r_1) = f(r_2)$, so that $f(r_1 - r_2) = 0$. Hence, $r_1 - r_2 \in \ker(f) = I$. Therefore, $r_1 \in r_2 + I$, and thus $r_1 + I = r_2 + I$, and the map $f^*$ is injective.

Finally, let $s \in \operatorname{im}(f)$. Then there exists $r \in R$ such that $f(r) = s$. Then $f^*(r + I) = s$, and the map $f^*$ is surjective and, hence, an isomorphism. This proves the first part of the theorem.

To prove the second part, let $I$ be an ideal in $R$ and $R/I$ the factor ring. Consider the map $f : R \to R/I$, given by $f(r) = r + I$. From the definition of addition and multiplication in the factor ring $R/I$, it is clear that this is a homomorphism, and every coset $r + I$ is the image of $r$, so the image is $R/I$. Consider the kernel of $f$. If $r \in \ker(f)$, then $f(r) = r + I = 0 + I = I$. This implies that $r \in I$; conversely, $i + I = I$ for every $i \in I$. Hence, the kernel of this map is exactly the ideal $I$, completing the proof.


Theorem 1.5.7 is called the ring isomorphism theorem or the first ring isomorphism 
theorem. We mention that there is an analogous theorem for each algebraic structure, 
in particular, for groups and vector spaces. We will mention the result for groups in 
Section 1.8. 


1.6 Fields of Fractions 


The integers are an integral domain, and the rationals Q are a field that contains the 
integers. First, we show that Q is the smallest field containing Z. 
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Theorem 1.6.1. The rationals Q are the smallest field containing the integers Z. That is, 
ifZ cK c Qwith K asubfield of Q then K =Q. 


Proof. Since Z ⊂ K, we have m, n ∈ K for any two integers m, n with n ≠ 0. Since K is 
a subfield, it is closed under taking division; that is, taking multiplicative inverses and, 
hence, the fraction m/n ∈ K. Since each element of Q is such a fraction, it follows that 
Q ⊂ K. Since K ⊂ Q, it follows that K = Q. 


Notice that to construct the rationals from the integers, we form all fractions m/n with 
n ≠ 0, where m_1/n_1 = m_2/n_2 if m_1 n_2 = n_1 m_2. We then do the standard operations on 
fractions. If we start with an integral domain D, we can mimic this construction to 
build a field of fractions from D; that is, the smallest field containing D. 


Theorem 1.6.2. Let D be an integral domain. Then there is a field K containing D, called 
the field of fractions for D, such that each element of K is a fraction from D; that is, an 
element of the form d_1 d_2^{−1} with d_1, d_2 ∈ D. Further, K is unique up to isomorphism and is 
the smallest field containing D. 


Proof. The proof is just the mimicking of the construction of the rationals from the in- 
tegers. Let 

$$K' = \{(d_1, d_2) : d_2 \neq 0,\ d_1, d_2 \in D\}.$$

Define on K' the equivalence relation 

$$(d_1, d_2) \sim (d_3, d_4) \quad\text{if}\quad d_1 d_4 = d_2 d_3 .$$

Let K be the set of equivalence classes, and define addition and multiplication in the 
usual manner as for fractions, where the result is the equivalence class: 

$$(d_1, d_2) + (d_3, d_4) = (d_1 d_4 + d_2 d_3,\ d_2 d_4),$$
$$(d_1, d_2) \cdot (d_3, d_4) = (d_1 d_3,\ d_2 d_4).$$

It is now straightforward to verify the ring axioms for K. The inverse of (d_1, 1) is (1, d_1) 
for d_1 ≠ 0 in D. As with Z, we identify the elements of K as fractions d_1/d_2. The proof that 
K is the smallest field containing D is the same as for Q from Z. 
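Added worked step (not from the book): of the verifications the proof above calls straightforward, the one that genuinely uses the hypothesis that D is an integral domain is transitivity of ∼; it is carried out here with the proof's own symbols, together with a constructed counterexample in Z_6 showing what goes wrong without that hypothesis.

```latex
Suppose $(d_1, d_2) \sim (d_3, d_4)$ and $(d_3, d_4) \sim (d_5, d_6)$, that is,
$$d_1 d_4 = d_2 d_3 \quad\text{and}\quad d_3 d_6 = d_4 d_5 .$$
Multiply the first equation by $d_6$ and use the second ($D$ is commutative):
$$d_4 (d_1 d_6) = (d_1 d_4) d_6 = (d_2 d_3) d_6 = d_2 (d_3 d_6) = d_2 (d_4 d_5) = d_4 (d_2 d_5),$$
so
$$d_4\,(d_1 d_6 - d_2 d_5) = 0 .$$
Since $d_4 \neq 0$ and $D$ has no zero divisors, $d_1 d_6 = d_2 d_5$, i.e. $(d_1, d_2) \sim (d_5, d_6)$.

The same hypothesis gives the inverses: if $(d_1, d_2) \not\sim (0, 1)$, then $d_1 \cdot 1 \neq d_2 \cdot 0$,
so $d_1 \neq 0$, hence $(d_2, d_1) \in K'$, and
$$(d_1, d_2)\cdot(d_2, d_1) = (d_1 d_2,\ d_2 d_1) \sim (1, 1)$$
because $d_1 d_2 \cdot 1 = d_2 d_1 \cdot 1$.

Without an integral domain, $\sim$ need not be transitive (constructed example in $\mathbb{Z}_6$):
$$(2, 1) \sim (0, 3)\ \text{since}\ 2\cdot 3 = 0 = 1\cdot 0, \qquad
  (0, 3) \sim (2, 5)\ \text{since}\ 0\cdot 5 = 0 = 3\cdot 2,$$
but $(2, 1) \not\sim (2, 5)$, since $2 \cdot 5 = 4 \neq 2 = 1 \cdot 2$ in $\mathbb{Z}_6$.
```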


As examples, we have that Q is the field of fractions for Z. A familiar, but less com- 
mon, example is the following: 
Let R[x] be the set of polynomials over the real numbers R. It can be shown that 
R[x] forms an integral domain (see Chapter 3). The field of fractions consists of all 
formal functions f(x)/g(x), where f(x), g(x) are real polynomials with g(x) ≠ 0. The cor- 
responding field of fractions is called the field of rational functions over R and is de- 
noted R(x). 
1.7 Characteristic and Prime Rings 


We saw in the last section that Q is the smallest field containing the integers. Since any 
subfield of Q must contain the identity, it follows that any nontrivial subfield of Q must 
contain the integers and, hence, be all of Q. Therefore, Q has no nontrivial subfields. 
We say that Q is a prime field. 


Definition 1.7.1. A field K is a prime field if K contains no nontrivial subfields. 

Lemma 1.7.2. Let K be any field. Then K contains a prime field K_0 as a subfield. 


Proof. Let K_1, K_2 be subfields of K. If k_1, k_2 ∈ K_1 ∩ K_2, then k_1 + k_2 ∈ K_1 since K_1 is a 
subfield, and k_1 + k_2 ∈ K_2 since K_2 is a subfield. Therefore, k_1 + k_2 ∈ K_1 ∩ K_2. Similarly, 
k_1 k_2^{−1} ∈ K_1 ∩ K_2. It follows that K_1 ∩ K_2 is again a subfield. 

Now, let K_0 be the intersection of all subfields of K. From the argument above, K_0 is a 
subfield, and the only nontrivial subfield of K_0 is itself. Hence, K_0 is a prime field. □ 


Definition 1.7.3. Let R be a commutative ring with an identity 1 ≠ 0. The smallest posi- 
tive integer n such that n·1 = 1 + 1 + ··· + 1 = 0 is called the characteristic of R. If there 
is no such n, then R has characteristic 0. We denote the characteristic by char(R). 


First, notice that 0 is the characteristic of Z, Q, R. Further, the characteristic of Z_n 
is n. 


Theorem 1.7.4. Let R be an integral domain. Then the characteristic of R is either 0 or a 
prime. In particular, the characteristic of a field is zero or a prime. 


Proof. Suppose that R is an integral domain and char(R) = n ≠ 0. Suppose that n = mk 
with 1 < m < n, 1 < k < n. Then n·1 = 0 = (m·1)(k·1). Since R is an integral domain, we 
have no zero divisors and, hence, m·1 = 0, or k·1 = 0. However, this is a contradiction 
since n is the least positive integer such that n·1 = 0. Therefore, n must be a prime. 


We have seen that every field contains a prime field. We extend this. 


Definition 1.7.5. A commutative ring R with an identity 1 # 0 is a prime ring if the only 
subring containing the identity is the whole ring. 


Clearly both the integers Z and the modular integers Z_n are prime rings. In fact, up 
to isomorphism, they are the only prime rings. 


Theorem 1.7.6. Let R be a prime ring. Then char(R) = 0 implies R ≅ Z, whereas char(R) = 
n > 0 implies R ≅ Z_n. 


Proof. Suppose that char(R) = 0. Let S = {r = m·1 : r ∈ R, m ∈ Z}. Then S is a subring 
of R containing the identity and, hence, S = R. However, the map m·1 ↦ m gives an 
isomorphism from S to Z. It follows that R is isomorphic to Z. 

If char(R) = n > 0, the proof is identical. Since n·1 = 0, the subring S of R, defined 
above, is all of R and isomorphic to Z_n. 




Theorem 1.7.6 can be extended to fields, with Q taking the place of Z and Z_p, with 
p a prime, taking the place of Z_n. 


Theorem 1.7.7. Let K be a prime field. If K has characteristic 0, then K ≅ Q, whereas if K 
has characteristic p, then K ≅ Z_p. 


Proof. The proof is identical to that of Theorem 1.7.6; however, we consider the smallest 
subfield K_0 of K containing S. 


We mention that there can be infinite fields of characteristic p. Consider, for ex- 
ample, the field of fractions of the polynomial ring Z_p[x]. This is the field of rational 
functions with coefficients in Z_p. 

We give a theorem on fields of characteristic p that will be important much later 
when we look at Galois theory. 


Theorem 1.7.8. Let K be a field of characteristic p. Then the mapping φ : K → K, given 
by φ(k) = k^p, is an injective endomorphism of K. In particular, (a + b)^p = a^p + b^p for any 
a, b ∈ K. 

This mapping is called the Frobenius homomorphism of K. Further, if K is finite, φ is 
an automorphism. 


Proof. We first show that φ is a homomorphism. Now 

$$\varphi(ab) = (ab)^p = a^p b^p = \varphi(a)\varphi(b).$$

We need a little more work for addition: 

$$\varphi(a + b) = (a + b)^p = \sum_{i=0}^{p} \binom{p}{i} a^{i} b^{p-i} = a^p + \sum_{i=1}^{p-1} \binom{p}{i} a^{i} b^{p-i} + b^p$$

by the binomial expansion, which holds in any commutative ring. However, 

$$\binom{p}{i} = \frac{p(p-1)\cdots(p-i+1)}{i(i-1)\cdots 1},$$

and it is clear that $p \mid \binom{p}{i}$ for 1 ≤ i ≤ p − 1. Hence, in K, we have $\binom{p}{i}\cdot 1 = 0$, and so, we have 

$$\varphi(a + b) = (a + b)^p = a^p + b^p = \varphi(a) + \varphi(b).$$

Therefore, φ is a homomorphism. 
Further, φ is always injective. To see this, suppose that φ(x) = φ(y). Then 

$$\varphi(x - y) = 0 \implies (x - y)^p = 0.$$

But K is a field, so there are no zero divisors. Therefore, we must have x − y = 0, or x = y. 
If K is finite and φ is injective, it must also be surjective and, hence, an automorphism 
of K. 
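Added illustration (not from the book) of Theorem 1.7.8 in the smallest cases, including what happens when the characteristic is not a prime and why finiteness of K is needed for surjectivity.

```latex
For $p = 5$ the inner binomial coefficients are
$$\binom{5}{1} = 5,\quad \binom{5}{2} = 10,\quad \binom{5}{3} = 10,\quad \binom{5}{4} = 5,$$
all divisible by $5$. So in $\mathbb{Z}_5$, with $a = 2$ and $b = 3$,
$$(2 + 3)^5 = 5^5 \equiv 0, \qquad 2^5 + 3^5 = 32 + 243 = 275 \equiv 0 \pmod 5 .$$
In fact $2^5 \equiv 2$ and $3^5 \equiv 3 \pmod 5$: on the prime field $\mathbb{Z}_p$ itself
$\varphi$ is the identity, because $a^p = a$ for every $a \in \mathbb{Z}_p$ (Fermat).

Primality of $p$ is essential. In $\mathbb{Z}_4$ (characteristic $4$, not a field),
$\binom{4}{2} = 6 \equiv 2 \not\equiv 0 \pmod 4$, and indeed
$$(1 + 1)^4 = 16 \equiv 0, \qquad 1^4 + 1^4 = 2 \pmod 4 .$$

Finiteness is needed for surjectivity. In the infinite field $K = \mathbb{Z}_p(x)$ of rational
functions mentioned above, $\varphi(x) = x^p \neq x$, and $x$ is not in the image of $\varphi$:
if $(f/g)^p = x$ with $f, g \in \mathbb{Z}_p[x]$, $g \neq 0$, then $f^p = x\, g^p$, and comparing
degrees gives $p \deg f = 1 + p \deg g$, which is impossible. Hence $\varphi$ is an injective
endomorphism of $K$ that is not an automorphism.
```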
1.8 Groups 


We close this first chapter by introducing some basic definitions and results from 
group theory that mirror the results presented for rings and fields. We 
will look at group theory in more detail later in the book. Proofs will be given at that 
point. 


Definition 1.8.1. A group G is a set with one binary operation (which we will denote by 
multiplication) such that 

(1) the operation is associative; 

(2) there exists an identity for this operation; and 

(3) each g ∈ G has an inverse for this operation. 


If, in addition, the operation is commutative, the group G is called an Abelian group. The 
order of G is the number of elements in G, denoted by |G|. If |G| < ∞, G is a finite group; 
otherwise G is an infinite group. 


Groups most often arise from invertible mappings of a set onto itself. Such mappings 
are called permutations. 


Theorem 1.8.2. The set of all permutations on a set A forms a group called the sym- 
metric group on A, which we denote by S_A. If A has more than 2 elements, then S_A is non- 
Abelian. 


Definition 1.8.3. Let G_1 and G_2 be groups. Then a mapping f : G_1 → G_2 is a (group) 
homomorphism if 


$$f(g_1 g_2) = f(g_1) f(g_2) \quad\text{for any } g_1, g_2 \in G_1 .$$


As with rings, we have, in addition, 
(1) f is a monomorphism if it is injective. 
(2) f is an epimorphism if it is surjective. 
(3) f is an isomorphism if it is bijective; that is, both surjective and injective. In this case, 
G_1 and G_2 are said to be isomorphic groups, which we denote by G_1 ≅ G_2. 
(4) f is an endomorphism if G_1 = G_2; that is, a homomorphism from a group to itself. 
(5) f is an automorphism if G_1 = G_2, and f is an isomorphism. 


Lemma 1.8.4. Let G_1 and G_2 be groups, and let f : G_1 → G_2 be a homomorphism. Then 
1. f(1) = 1, where the first 1 is the identity element of G_1, and the second is the identity 
element of G_2. 

2. f(g^{−1}) = (f(g))^{−1} for any g ∈ G_1. 


If A is a set, |A| denotes the size of A. 
Theorem 1.8.5. If A_1 and A_2 are sets with |A_1| = |A_2|, then S_{A_1} ≅ S_{A_2}. If |A| = n with n 
finite, we call S_A the symmetric group on n elements, which we denote by S_n. Further, we 
have |S_n| = n!. 


Subgroups are defined in an analogous manner to subrings. Special types of sub- 
groups, called normal subgroups, take the place in group theory that ideals play in ring 
theory. 


Definition 1.8.6. A subset H of a group G is a subgroup if H ≠ ∅ and H forms a group 
under the same operation as G. Equivalently, H is a subgroup if H ≠ ∅, and H is closed 
under the operation and inverses. 


Definition 1.8.7. If H is a subgroup of a group G, then a left coset of H is a subset of G of 
the form gH = {gh : h ∈ H}. A right coset of H is a subset of G of the form Hg = {hg : h ∈ H}. 


As with rings, the cosets of a subgroup partition a group. We call the number of right 
cosets of a subgroup H in a group G the index of H in G, denoted |G : H|. One can prove 
that the number of right cosets is equal to the number of left cosets. For finite groups, 
we have the following beautiful result called Lagrange’s theorem. 


Theorem 1.8.8 (Lagrange’s theorem). Let G be a finite group and H a subgroup. Then the 
order of H divides the order of G. In particular, 


$$|G| = |H|\,|G : H|.$$


Normal subgroups take the place of ideals in group theory. 


Definition 1.8.9. A subgroup H of a group G is a normal subgroup, denoted H ◁ G, if 
every left coset of H is also a right coset; that is, gH = Hg for each g ∈ G. Note that this 
does not say that g and H commute elementwise, just that the subsets gH and Hg are 
the same. Equivalently, H is normal if g^{−1}Hg = H for any g ∈ G. 


Normal subgroups allow us to construct factor groups, just as ideals allowed us to 
construct factor rings. 


Theorem 1.8.10. Let H be a normal subgroup of a group G. Let G/H be the set of all cosets 
of H in G; that is, 


$$G/H = \{gH : g \in G\}.$$

We define multiplication on G/H in the following manner: 

$$(g_1 H)(g_2 H) = g_1 g_2 H.$$


Then G/H forms a group called the factor group or quotient group of G modulo H. 
The identity element of G/H is 1H, and the inverse of gH is g^{−1}H. Further, if G is Abelian, 
then G/H is also Abelian. 
Finally, as with rings, normal subgroups and factor groups are closely tied to homomor- 
phisms. 


Definition 1.8.11. Let G_1 and G_2 be groups, and let f : G_1 → G_2 be a homomorphism. 
Then the kernel of f, denoted ker(f), is 


$$\ker(f) = \{g \in G_1 : f(g) = 1\}.$$

The image of f, denoted im(f), is the range of f within G_2. That is, 

$$\operatorname{im}(f) = \{h \in G_2 : \text{there exists } g \in G_1 \text{ with } f(g) = h\}.$$


Theorem 1.8.12 (Group isomorphism theorem). Let f : G_1 → G_2 be a homomorphism of 
groups G_1 and G_2. Then 
(1) ker(f) is a normal subgroup in G_1, im(f) is a subgroup of G_2, and 


$$G_1 / \ker(f) \cong \operatorname{im}(f).$$


(2) Conversely, suppose that H is a normal subgroup of a group G. Then f : G → G/H, 
given by f(g) = gH for g ∈ G, is a homomorphism, whose kernel is H and whose image 
is G/H. 


1.9 Exercises 


1. Let φ : K → R be a homomorphism from a field K to a ring R. Show that either 
φ(a) = 0 for all a ∈ K, or φ is a monomorphism. 

2. Let R be a ring and M ≠ ∅ an arbitrary set. Show that the following are equivalent: 
(i) The ring of all mappings from M to R is a field. 
(ii) M contains only one element and R is a field. 

3. Let π be a set of prime numbers. Define 


$$\mathbb{Q}_\pi = \left\{ \frac{a}{b} : \text{all prime divisors of } b \text{ are in } \pi \right\}.$$


(i) Show that Q_π is a subring of Q. 

(ii) Let R be a subring of Q and let a/b ∈ R with coprime integers a, b. Show that 
1/b ∈ R. 

(iii) Determine all subrings R of Q. 
(Hint: Consider the set of all prime divisors of denominators of reduced ele- 
ments of R.) 

4. Prove Lemma 1.5.2. 

5. Let R be a commutative ring with an identity 1 ∈ R. Let A, B and C be ideals in R. 
A + B := {a + b : a ∈ A, b ∈ B} and AB := ({ab : a ∈ A, b ∈ B}). Show: 
(i) A + B ◁ R, A + B = (A ∪ B). 

(ii) AB = {a_1 b_1 + ··· + a_n b_n : n ∈ N, a_i ∈ A, b_i ∈ B}, AB ⊂ A ∩ B. 
(iii) A(B + C) = AB + AC, (A + B)C = AC + BC, (AB)C = A(BC). 
(iv) A = R ⟺ A ∩ R^* ≠ ∅, where R^* is the set of units of R. 

(v) a, b ∈ R ⟹ (a) + (b) = {xa + yb : x, y ∈ R}. 

(vi) a, b ∈ R ⟹ (a)(b) = (ab). Here, (a) = Ra = {xa : x ∈ R}. 

6. Solve the following congruence: 


$$3x \equiv 5 \pmod 7.$$


Is this congruence also solvable modulo 17? 

7. Show that the set of (2 × 2)-matrices over a ring R forms a ring. 

8. Prove Lemma 1.4.8. 

9. Prove that if R is a ring with identity and S = {r = m·1 : r ∈ R, m ∈ Z}, then S is a 
subring of R containing the identity. 


2 Maximal and Prime Ideals 


In this chapter we use polynomials over integral domains with one or two indetermi- 
nates in an elementary fashion. We will consider polynomial rings in detail in later chap- 
ters. 


2.1 Maximal and Prime Ideals of the Integers 


In the first chapter, we defined ideals I in a ring R, and then the factor ring R/I of R 
modulo the ideal I. We saw, furthermore, that if R is commutative, then R/I is also com- 
mutative, and if R has an identity, then so does R/I. This raises further questions concern- 
ing the structure of factor rings. In particular, we can ask under what conditions does 
R/I form an integral domain, and under what conditions does R/I form a field. These 
questions lead us to define certain special properties of ideals, called prime ideals and 
maximal ideals. 

Let us look back at the integers Z. Recall that each proper ideal in Z has the form 
nZ for some n > 1, and the resulting factor ring Z/nZ is isomorphic to Z_n. We proved 
the following result: 


Theorem 2.1.1. The factor ring Z_n = Z/nZ is an integral domain if and only if n = p is a 
prime. Furthermore, Z_n is a field again if and only if n = p is a prime. 


Hence, for the integers Z, a factor ring is a field if and only if it is an integral domain. 
We will see later that this is not true in general. However, what is clear is that special 
ideals nZ lead to integral domains and fields when n is a prime. We look at the ideals 
pZ with p a prime in two different ways, and then use these in subsequent sections to 
give the general definitions. We first need a famous result, Euclid’s lemma, from number 
theory. For integers a, b, the notation a|b means that a divides b. 


Lemma 2.1.2 (Euclid). If p is a prime and p|ab, then p|a or p|b. 


Proof. Recall that the greatest common divisor or GCD of two integers a, b is an integer 
d > 0 such that d is a common divisor of both a and b, and if d_1 is another common 
divisor of a and b, then d_1|d. We express the GCD of a, b by d = (a, b). It is known that 
for any two integers a, b, their GCD exists and is unique, and is the least positive linear 
combination of a and b; that is, the least positive integer of the form ax + by for integers 
x, y. The integers a, b are relatively prime if their GCD is 1, (a, b) = 1. In this case, 1 is a 
linear combination of a and b (see Chapter 3 for proofs and more details). 

Now suppose p|ab, where p is a prime. If p does not divide a, then since the only 
positive divisors of p are 1 and p, it follows that (a, p) = 1. Hence, 1 is expressible as a 
linear combination of a and p. That is, ax + py = 1 for some integers x, y. Multiply through 
by b, so that 

$$abx + pby = b.$$


Now p|ab, so p|abx and p|pby. Therefore, p|(abx + pby); that is, p|b. 


We now recast this lemma in two different ways in terms of the ideal pZ. Notice 
that pZ consists precisely of all the multiples of p. 
Hence, p|ab is equivalent to ab ∈ pZ. 


Lemma 2.1.3. If p is a prime and ab ∈ pZ, then a ∈ pZ, or b ∈ pZ. 


This conclusion will be taken as a motivation for the definition of a prime ideal in 
the next section. 


Lemma 2.1.4. If p is a prime and pZ ⊂ nZ, then n = 1, or n = p. That is, every ideal in Z 
containing pZ with p a prime is either all of Z or pZ. 


Proof. Suppose that pZ ⊂ nZ. Then p ∈ nZ; therefore, p is a multiple of n. Since p is a 
prime, it follows easily that either n = 1, or n = p. 


In Section 2.3, the conclusion of this lemma will be taken as a motivation for the 
definition of a maximal ideal. 


2.2 Prime Ideals and Integral Domains 


Motivated by Lemma 2.1.3, we make the following general definition for commutative 
rings R with identity: 


Definition 2.2.1. Let R be a commutative ring. An ideal P in R with P ≠ R is a prime ideal 
if whenever ab ∈ P with a, b ∈ R, then either a ∈ P, or b ∈ P. 


This property of an ideal is precisely what is necessary and sufficient to make the 
factor ring R/P an integral domain. 


Theorem 2.2.2. Let R be a commutative ring with an identity 1 # 0, and let P be a non- 
trivial ideal in R. Then P is a prime ideal if and only if the factor ring R/P is an integral 
domain. 


Proof. Let R be a commutative ring with an identity 1 ≠ 0, and let P be a prime ideal. We 
show that R/P is an integral domain. From the results in the last chapter, we have that 
R/P is again a commutative ring with an identity. Therefore, we must show that there 
are no zero divisors in R/P. Suppose that (a + P)(b + P) = 0 in R/P. The zero element in 
R/P is 0 + P and, hence, 


$$(a + P)(b + P) = 0 = 0 + P \implies ab + P = 0 + P \implies ab \in P.$$

However, P is a prime ideal; therefore, we must have a ∈ P, or b ∈ P. If a ∈ P, then 
a + P = P = 0 + P, so a + P = 0 in R/P. The identical argument works if b ∈ P. Therefore, 
there are no zero divisors in R/P and, hence, R/P is an integral domain. 

Conversely, suppose that R/P is an integral domain. We must show that P is a prime 
ideal. Suppose that ab ∈ P. Then (a + P)(b + P) = ab + P = 0 + P. Hence, in R/P, we have 


$$(a + P)(b + P) = 0.$$

However, R/P is an integral domain, so it has no zero divisors. It follows that either 
a + P = 0 and, hence, a ∈ P, or b + P = 0, and b ∈ P. Therefore, either a ∈ P, or b ∈ P. 
Therefore, P is a prime ideal. 


In a commutative ring R, we can define a multiplication of ideals. We then obtain 
an exact analog of Euclid’s lemma. Since R is commutative, each ideal is 2-sided. 


Definition 2.2.3. Let R be a commutative ring with an identity 1 ≠ 0, and let A and B be 
ideals in R. Define 


$$AB = \{a_1 b_1 + \cdots + a_n b_n : a_i \in A,\ b_i \in B,\ n \in \mathbb{N}\}.$$


That is, AB is the set of finite sums of products ab with a ∈ A and b ∈ B. 


Lemma 2.2.4. Let R be a commutative ring with an identity 1 # 0, and let A and B be 
ideals in R. Then AB is an ideal. 


Proof. We must verify that AB is a subring, and that it is closed under multiplication 
from R. Let r_1, r_2 ∈ AB. Then 

$$r_1 = a_1 b_1 + \cdots + a_n b_n \quad\text{for some } a_i \in A,\ b_i \in B,$$

and 

$$r_2 = a'_1 b'_1 + \cdots + a'_m b'_m \quad\text{for some } a'_i \in A,\ b'_i \in B.$$

Then 

$$r_1 + r_2 = a_1 b_1 + \cdots + a_n b_n + a'_1 b'_1 + \cdots + a'_m b'_m,$$

which is clearly in AB. Furthermore, 

$$r_1 r_2 = a_1 b_1 a'_1 b'_1 + \cdots + a_n b_n a'_m b'_m .$$

Consider, for example, the first term a_1 b_1 a'_1 b'_1. Since R is commutative, this is equal to 

$$(a_1 a'_1)(b_1 b'_1).$$

Now a_1 a'_1 ∈ A since A is a subring, and b_1 b'_1 ∈ B since B is a subring. Hence, this term 
is in AB. Similarly for each of the other terms. Therefore, r_1 r_2 ∈ AB and, hence, AB is a 
subring. 

Now let r ∈ R, and consider r r_1. This is then 

$$r r_1 = r a_1 b_1 + \cdots + r a_n b_n .$$

Now r a_i ∈ A for each i since A is an ideal. Hence, each summand is in AB, and then 
r r_1 ∈ AB. Therefore, AB is an ideal. 


Lemma 2.2.5. Let R be a commutative ring with an identity 1 ≠ 0, and let A and B be 
ideals in R. If P is a prime ideal in R, then AB ⊂ P implies that A ⊂ P or B ⊂ P. 


Proof. Suppose that AB ⊂ P with P a prime ideal, and suppose that B is not contained 
in P. We show that A ⊂ P. Since AB ⊂ P, each product a_i b_i ∈ P. Choose b ∈ B with b ∉ P, 
and let a be an arbitrary element of A. Then ab ∈ P. Since P is a prime ideal, this implies 
either a ∈ P, or b ∈ P. But by assumption b ∉ P, so a ∈ P. Since a was arbitrary, we have 
A ⊂ P. 


2.3 Maximal Ideals and Fields 


Now, motivated by Lemma 2.1.4, we define a maximal ideal. 


Definition 2.3.1. Let R be a ring and I an ideal in R. Then I is a maximal ideal if I ≠ R, 
and if J is an ideal in R with I ⊂ J, then J = I, or J = R. 


If R is a commutative ring with an identity, this property of an ideal I is precisely 
what is necessary and sufficient so that R/I is a field. 


Theorem 2.3.2. Let R be a commutative ring with an identity 1 # 0, and let I be an ideal 
in R. Then I is a maximal ideal if and only if the factor ring R/I is a field. 


Proof. Suppose that R is a commutative ring with an identity 1 ≠ 0, and let I be an ideal 
in R. Suppose first that I is a maximal ideal, and we show that the factor ring R/I is a field. 

Since R is a commutative ring with an identity, the factor ring R/I is also a commu- 
tative ring with an identity. We must show then that each nonzero element of R/I has a 
multiplicative inverse. Suppose then that $\bar r = r + I \in R/I$ is a nonzero element of R/I. It 
follows that r ∉ I. Consider the set (r, I) = {rx + i : x ∈ R, i ∈ I}. This is also an ideal (see 
exercises) called the ideal generated by r and I, denoted (r, I). Clearly, I ⊂ (r, I), and 
since r ∉ I, and r = r·1 + 0 ∈ (r, I), it follows that (r, I) ≠ I. Since I is a maximal ideal, 
it follows that (r, I) = R, the whole ring. Hence, the identity element 1 ∈ (r, I), and so, 
there exist elements x ∈ R and i ∈ I such that 1 = rx + i. But then 1 ∈ (r + I)(x + I), and 
so, 1 + I = (r + I)(x + I). Since 1 + I is the multiplicative identity of R/I, it follows that 
x + I is the multiplicative inverse of r + I in R/I. Since r + I was an arbitrary nonzero 
element of R/I, it follows that R/I is a field. 

Now suppose that R/I is a field for an ideal I. We show that I must be maximal. 
Suppose then that I_1 is an ideal with I ⊂ I_1 and I ≠ I_1. We must show that I_1 is all of R. 
Since I ≠ I_1, there exists an r ∈ I_1 with r ∉ I. Therefore, the element r + I is nonzero in 
the factor ring R/I, and since R/I is a field, it must have a multiplicative inverse x + I. 
Hence, (r + I)(x + I) = rx + I = 1 + I and, therefore, there is an i ∈ I with 1 = rx + i. 
Since r ∈ I_1, and I_1 is an ideal, we get that rx ∈ I_1. In addition, since I ⊂ I_1, it follows that 
rx + i ∈ I_1, and so, 1 ∈ I_1. If r_1 is an arbitrary element of R, then r_1·1 = r_1 ∈ I_1. Hence, 
R ⊂ I_1, and so, R = I_1. Therefore, I is a maximal ideal. 


Recall that a field is already an integral domain. Combining this with the ideas of 
prime and maximal ideals we obtain: 


Theorem 2.3.3. Let R be a commutative ring with an identity 1 # 0. Then each maximal 
ideal is a prime ideal. 


Proof. Suppose that R is a commutative ring with an identity and I is a maximal ideal 
in R. Then from Theorem 2.3.2, we have that the factor ring R/I is a field. But a field is an 
integral domain, so R/I is an integral domain. Therefore, from Theorem 2.2.2, we have 
that I must be a prime ideal. 


The converse is not true in general. That is, there are prime ideals that are not max- 
imal. Consider, for example, R = Z the integers and I = {0}. Then I is an ideal, and 
R/I = Z/{0} ≅ Z is an integral domain. Hence, {0} is a prime ideal. However, Z is not 
a field, so {0} is not maximal. Note, however, that in the integers Z, a proper nonzero ideal is 
maximal if and only if it is a prime ideal. 


2.4 The Existence of Maximal Ideals 


In this section, we prove that in any ring R with an identity, there do exist maximal ideals. 
Furthermore, given an ideal I ≠ R, there exists a maximal ideal I_0 such that I ⊂ I_0. 
To prove this, we need three important equivalent results from logic and set theory. 

First, recall that a partial order ≤ on a set S is a reflexive, transitive relation on S. 
That is, a ≤ a for all a ∈ S, and if a ≤ b, b ≤ c, then a ≤ c. This is a “partial” order since 
there may exist elements a, b ∈ S, where neither a ≤ b, nor b ≤ a. If A is any set, then it is 
clear that containment of subsets is a partial order on the power set P(A). 

If ≤ is a partial order on a set M, then a chain on M is a subset K ⊂ M such that 
a, b ∈ K implies that a ≤ b or b ≤ a. A chain on M is bounded if there exists an m ∈ M 
such that k ≤ m for all k ∈ K. The element m is called an upper bound for K. An element 
m_0 ∈ M is maximal if whenever m ∈ M with m_0 ≤ m, then m = m_0. We now state the 
three important results from logic. 
Zorn’s lemma. If each chain of M has an upper bound in M, then there is at least one 
maximal element in M. 


Axiom of well-ordering. Each set M can be well-ordered, such that each nonempty sub- 
set of M contains a least element. 


Axiom of choice. Let {M_i : i ∈ I} be a nonempty collection of nonempty sets. Then there 
is a mapping f : I → ⋃_{i∈I} M_i with f(i) ∈ M_i for all i ∈ I. 


The following can be proved. 


Theorem 2.4.1. Zorn’s lemma, the axiom of well-ordering and the axiom of choice are all 
equivalent. 


We now show the existence of maximal ideals in commutative rings with identity. 


Theorem 2.4.2. Let R be a commutative ring with an identity 1 ≠ 0, and let I be an ideal 
in R with I ≠ R. Then there exists a maximal ideal I_0 in R with I ⊂ I_0. In particular, a ring 
with an identity contains maximal ideals. 


Proof. Let I be an ideal in the commutative ring R. We must show that there exists a 
maximal ideal I_0 in R with I ⊂ I_0. 
Let 


$$M = \{X : X \text{ is an ideal with } I \subset X \neq R\}.$$


Then M is partially ordered by containment. We want to show first that each chain in M 
has an upper bound in M. If K = {X_j : X_j ∈ M, j ∈ J} is a chain, let 


$$X' = \bigcup_{j \in J} X_j .$$


If a, b ∈ X', then there exist i, j ∈ J with a ∈ X_i, b ∈ X_j. Since K is a chain, either 
X_i ⊂ X_j or X_j ⊂ X_i. Without loss of generality, suppose that X_i ⊂ X_j, so that a, b ∈ X_j. 
Then a + b ∈ X_j ⊂ X', and ab ∈ X_j ⊂ X', since X_j is an ideal. Furthermore, if r ∈ R, then 
ra ∈ X_j ⊂ X' since X_j is an ideal. Therefore, X' is an ideal in R. 

Since X_j ≠ R, it follows that 1 ∉ X_j for all j ∈ J. Therefore, 1 ∉ X', and so X' ≠ R. It 
follows that under the partial order of containment X' is an upper bound for K in M. 

We now use Zorn’s lemma. From the argument above, we have that each chain in M has 
an upper bound in M. Hence, for an ideal I, the set M above has a maximal element. This 
maximal element I_0 is then a maximal ideal containing I. 
Recall again that in the integers Z, each ideal I is of the form nZ for some integer n. 
Hence, in Z, each ideal can be generated by a single element. 
Lemma 2.5.1. Let R be a commutative ring and a_1, ..., a_n be elements of R. Then the set 

$$(a_1, \ldots, a_n) = \{r_1 a_1 + \cdots + r_n a_n : r_i \in R\}$$


forms an ideal in R called the ideal generated by a_1, ..., a_n. 


Proof. The proof is straightforward. Let 

$$a = r_1 a_1 + \cdots + r_n a_n, \qquad b = s_1 a_1 + \cdots + s_n a_n,$$

with r_1, ..., r_n, s_1, ..., s_n elements of R, be two elements of (a_1, ..., a_n). Then 


$$a + b = (r_1 + s_1) a_1 + \cdots + (r_n + s_n) a_n \in (a_1, \ldots, a_n),$$


$$ab = (r_1 s_1 a_1) a_1 + (r_1 s_2 a_1) a_2 + \cdots + (r_n s_n a_n) a_n \in (a_1, \ldots, a_n),$$

so (a_1, ..., a_n) forms a subring. Furthermore, if r ∈ R, we have 


$$ra = (r r_1) a_1 + \cdots + (r r_n) a_n \in (a_1, \ldots, a_n),$$


and so (a_1, ..., a_n) is an ideal. 


Definition 2.5.2. Let R be a commutative ring. An ideal I ⊂ R is a principal ideal if it has 
a single generator. That is, 


$$I = (a) = aR \quad\text{for some } a \in R.$$


We now restate Theorem 1.4.7 of Chapter 1. 


Theorem 2.5.3. Every nonzero ideal in Z is a principal ideal. 


Proof. Every ideal I in Z is of the form nZ. This is the principal ideal generated by n. 


Definition 2.5.4. A principal ideal domain or PID is an integral domain, in which every 
ideal is principal. 


Corollary 2.5.5. The integers Z are a principal ideal domain. 


We mention that the set of polynomials K[x] with coefficients from a field K is also 
a principal ideal domain. We will return to this in the next chapter. 

Not every integral domain is a PID. Consider K[x, y] = (K[x])[y], the set of polyno- 
mials over K in two variables x, y (see Chapter 4). Let I consist of all the polynomials 
with zero constant term. 


Lemma 2.5.6. The set I in K[x,y] as defined above is an ideal, but not a principal ideal. 


Proof. We leave the proof that I forms an ideal to the exercises. To show that it is not 
a principal ideal, suppose I = (p(x, y)). Now the polynomial q(x) = x has zero constant 
term, so q(x) ∈ I. Hence, p(x, y) cannot be a constant polynomial. In addition, if p(x, y) 
had any terms with y in them, there would be no way to multiply p(x, y) by a polynomial 
h(x, y) and obtain just x. Therefore, p(x, y) can contain no terms with y in them. But the 
same argument, using s(y) = y, shows that p(x, y) cannot have any terms with x in them. 
Therefore, there can be no such p(x, y) generating I, and so, I is not principal, and K[x, y] 
is not a principal ideal domain. 


2.6 Exercises 


1. Consider the set (r, I) = {rx + i : x ∈ R, i ∈ I}, where I is an ideal. Prove that this is 
also an ideal called the ideal generated by r and I, denoted (r, I). 

2. Let R and S be commutative rings, and let φ : R → S be a ring epimorphism. Let 
M be a maximal ideal in R. Show that φ(M) is a maximal ideal in S if and only if 
ker(φ) ⊂ M. Is φ(M) always a prime ideal of S? 

3. Let A_1, ..., A_n be ideals of a commutative ring R. Let P be a prime ideal of R. Show: 
(i) ⋂_{i=1}^{n} A_i ⊂ P implies A_j ⊂ P for at least one index j. 

(ii) ⋂_{i=1}^{n} A_i = P implies A_j = P for at least one index j. 

4. Which of the following ideals A are prime ideals of R? Which are maximal ideals? 
(i) A = (x), R = Z[x]. 

(ii) A = (x^2), R = Z[x]. 

(iii) A = (1 + √5), R = Z[√5] = {a + b√5 : a, b ∈ Z}. 

(iv) A = (y), R = Q[y]. 

5. Let ω = ½(1 + √−3). Show that (2) is a prime ideal and even a maximal ideal of Z[ω], 
but (2) is neither a prime ideal nor a maximal ideal of Z[i], i = √−1 ∈ C. 

6. Let R = {a/b : a, b ∈ Z, b odd}. Show that R is a subring of Q, and that there is only 
one maximal ideal M in R. 

7. Let R be a commutative ring with an identity. Let x, y ∈ R and x ≠ 0 not be a zero di- 
visor. Furthermore, let (x) be a prime ideal with (x) ⊂ (y) ≠ R. Show that (x) = (y). 

8. Consider K[x, y], the set of polynomials over K in two variables x, y. Let I consist of 
all the polynomials with zero constant term. Prove that the set I is an ideal. 


3 Prime Elements and Unique Factorization Domains 


In this chapter we use again polynomials over integral domains with one or two indeter- 
minates in an elementary fashion. We will consider polynomial rings in detail in later 
chapters. 


3.1 The Fundamental Theorem of Arithmetic 


The integers Z have served as much of our motivation for properties of integral do- 
mains. In the last chapter, we saw that Z is a principal ideal domain, and furthermore, 
that prime ideals ≠ {0} are maximal. From the viewpoint of the multiplicative structure 
of Z and the viewpoint of classical number theory, the most important property of Z 
is the fundamental theorem of arithmetic. This states that any integer n ≠ 0 is uniquely 
expressible as a product of primes, where uniqueness is up to ordering and the intro- 
duction of ±1; that is, units. In this chapter, we show that this property is not unique to 
the integers, and there are many other integral domains, where this also holds. These 
are called unique factorization domains, and we will present several examples. First, we 
review the fundamental theorem of arithmetic, its proof and several other ideas from 
classical number theory. 


Theorem 3.1.1 (Fundamental theorem of arithmetic). Given any integer n ≠ 0, there is a 
factorization 


$$n = c\, p_1 p_2 \cdots p_k ,$$


where c = ±1 and p_1, ..., p_k are primes. Furthermore, this factorization is unique up to 
the ordering of the factors. 


There are two main ingredients that go into the proof: induction and Euclid’s lemma. 
We presented this in the last chapter. In turn, however, Euclid’s lemma depends upon 
the existence of greatest common divisors and their linear expressibility. Therefore, to 
begin, we present several basic ideas from number theory. 

The starting point for the theory of numbers is divisibility. 


Definition 3.1.2. If a, b are integers, we say that a divides b, or that a is a factor or divisor of b, if there exists an integer q such that b = aq. We denote this by a|b. Then b is a multiple of a. If b > 1 is an integer whose only factors are ±1, ±b, then b is a prime; otherwise, b > 1 is composite.


The following properties of divisibility are straightforward consequences of the definition.

Lemma 3.1.3. The following properties hold:

(1) a|b ⟹ a|bc for any integer c.
(2) a|b and b|c implies a|c.
(3) a|b and a|c implies that a|(bx + cy) for any integers x, y.
(4) a|b and b|a implies that a = ±b.
(5) If a|b and a > 0, b > 0, then a ≤ b.
(6) a|b if and only if ca|cb for any integer c ≠ 0.
(7) a|0 for all a ∈ Z, and 0|a only for a = 0.
(8) a|±1 only for a = ±1.
(9) a_1|b_1 and a_2|b_2 implies that a_1 a_2 | b_1 b_2.


If b, c, x, y are integers, then an integer bx + cy is called a linear combination of b, c. Thus, part (3) of Lemma 3.1.3 says that if a is a common divisor of b, c, then a divides any linear combination of b and c.

Furthermore, note that if b > 1 is composite, then there exist x > 0 and y > 0 such that b = xy, and from part (5), we must have 1 < x < b, 1 < y < b.

In ordinary arithmetic, given a,b, we can always attempt to divide a into b. The 
next result, called the division algorithm, says that if a > 0, either a will divide b, or the 
remainder of the division of b by a will be less than a. 


Theorem 3.1.4 (Division algorithm). Given integers a, b with a > 0, there exist unique integers q and r such that b = qa + r, where either r = 0 or 0 < r < a.

One may think of q and r as the quotient and remainder, respectively, when dividing b by a.


Proof. Given a, b with a > 0, consider the set

$$ S = \{\, b - qa \ge 0 : q \in \mathbb{Z} \,\}. $$

If b > 0, then b + a > 0, and this sum is in S (take q = −1). If b < 0, then there exists a q > 0 with −qa < b. Then b + qa > 0 and is in S. Therefore, in either case, S is nonempty. Hence, S is a nonempty subset of N ∪ {0} and, therefore, has a least element r. If r ≠ 0, we must show that 0 < r < a. Suppose r ≥ a; then r = a + x with x ≥ 0, and x < r since a > 0. Then b − qa = r = a + x ⟹ b − (q + 1)a = x. This means that x ∈ S. Since x < r, this contradicts the minimality of r. Therefore, if r ≠ 0, it follows that 0 < r < a.

The only thing left is to show the uniqueness of q and r. Suppose b = q_1 a + r_1 also. By the construction above, r_1 must also be the minimal element of S. Hence, r_1 ≤ r and r ≤ r_1, so r = r_1. Now

$$ b - qa = b - q_1 a \implies (q_1 - q)a = 0, $$

but since a > 0, it follows that q_1 − q = 0, so that q = q_1.


The next idea that is necessary is the concept of greatest common divisor.

Definition 3.1.5. Given nonzero integers a, b, their greatest common divisor or GCD d > 0 is a positive integer such that it is their common divisor, that is, d|a and d|b, and if d_1 is any other common divisor, then d_1|d. We denote the greatest common divisor of a, b by either gcd(a, b) or (a, b).


Certainly, if a, b are nonzero integers with a > 0 and a|b, then a = gcd(a, b). 
The next result says that given any nonzero integers, they do have a greatest com- 
mon divisor, and it is unique. 


Theorem 3.1.6. Given nonzero integers a, b, their GCD exists, is unique, and can be char- 
acterized as the least positive linear combination of a and b. 


Proof. Given nonzero a, b, consider the set

$$ S = \{\, ax + by > 0 : x, y \in \mathbb{Z} \,\}. $$

Now, a² + b² > 0, so S is a nonempty subset of N and, hence, has a least element d > 0. We show that d is the GCD.

First, we must show that d is a common divisor. Now d = ax + by and is the least such positive linear combination. By the division algorithm, a = qd + r with 0 ≤ r < d. Suppose r ≠ 0. Then r = a − qd = a − q(ax + by) = (1 − qx)a − qyb > 0. Hence, r is a positive linear combination of a and b, and therefore in S. But then r < d, contradicting the minimality of d in S. It follows that r = 0, and so a = qd, and d|a. An identical argument shows that d|b, and so d is a common divisor of a and b. Let d_1 be any other common divisor of a and b. Then d_1 divides any linear combination of a and b, and so d_1|d. Therefore, d is the GCD of a and b.

Finally, we must show that d is unique. Suppose d_1 is another GCD of a and b. Then d_1 > 0, and d_1 is a common divisor of a, b. Then d_1|d since d is a GCD. Identically, d|d_1 since d_1 is a GCD. Therefore, d = ±d_1, and then d = d_1 since they are both positive.


If (a,b) = 1, then we say that a,b are relatively prime. It follows that a and b are 
relatively prime if and only if 1 is expressible as a linear combination of a and b. We 
need the following three results: 


Lemma 3.1.7. If d = (a, b), then a = a_1 d and b = b_1 d with (a_1, b_1) = 1.

Proof. If d = (a, b), then d|a and d|b. Hence, a = a_1 d and b = b_1 d. We have

$$ d = ax + by = a_1 d x + b_1 d y. $$

Dividing both sides of the equation by d, we obtain

$$ 1 = a_1 x + b_1 y. $$

Therefore, (a_1, b_1) = 1.
Lemma 3.1.8. For any integer c, we have that (a, b) = (a, b + ac).

Proof. Suppose (a, b) = d and (a, b + ac) = d_1. Now d is the least positive linear combination of a and b. Suppose d = ax + by. d_1 is a linear combination of a and b + ac, so that

$$ d_1 = ar + (b + ac)s = a(cs + r) + bs. $$

Hence, d_1 is also a linear combination of a and b; therefore, d_1 ≥ d. On the other hand, d_1|a and d_1|(b + ac), and so d_1|b. Therefore, d_1|d, so d_1 ≤ d. Combining these, we must have d_1 = d.


The next result, called the Euclidean algorithm, provides a technique for both find- 
ing the GCD of two integers and expressing the GCD as a linear combination. 


Theorem 3.1.9 (Euclidean algorithm). Given integers b and a > 0 with a ∤ b, the following repeated divisions are formed:

$$
\begin{aligned}
b &= q_1 a + r_1, & 0 < r_1 < a \\
a &= q_2 r_1 + r_2, & 0 < r_2 < r_1 \\
&\;\;\vdots \\
r_{n-2} &= q_n r_{n-1} + r_n, & 0 < r_n < r_{n-1} \\
r_{n-1} &= q_{n+1} r_n.
\end{aligned}
$$

The last nonzero remainder r_n is the GCD of a, b. Furthermore, r_n can be expressed as a linear combination of a and b by successively eliminating the r_i's in the intermediate equations.


Proof. In taking the successive divisions as outlined in the statement of the theorem, each remainder r_i gets strictly smaller and still nonnegative. Hence, it must finally end with a zero remainder. Therefore, there is a last nonzero remainder r_n. We must show that this is the GCD.

Now from Lemma 3.1.7, the gcd (a, b) = (a, b − q_1 a) = (a, r_1) = (r_1, a − q_2 r_1) = (r_1, r_2). Continuing in this manner, we have then that (a, b) = (r_{n−1}, r_n) = r_n, since r_n divides r_{n−1}. This shows that r_n is the GCD.

To express r_n as a linear combination of a and b, first notice that

$$ r_n = r_{n-2} - q_n r_{n-1}. $$

Substituting this in the immediately preceding division, we get

$$ r_n = r_{n-2} - q_n (r_{n-3} - q_{n-1} r_{n-2}) = (1 + q_n q_{n-1})\, r_{n-2} - q_n r_{n-3}. $$

Doing this successively, we ultimately express r_n as a linear combination of a and b.
Example 3.1.10. Find the GCD of 270 and 2412, and express it as a linear combination of 270 and 2412.

We apply the Euclidean algorithm:

$$
\begin{aligned}
2412 &= 8 \cdot 270 + 252 \\
270 &= 1 \cdot 252 + 18 \\
252 &= 14 \cdot 18.
\end{aligned}
$$

Therefore, the last nonzero remainder is 18, which is the GCD. We now must express 18 as a linear combination of 270 and 2412. From the first equation,

$$ 252 = 2412 - 8 \cdot 270, $$

which gives in the second equation

$$ 270 = 2412 - 8 \cdot 270 + 18 \implies 18 = -1 \cdot 2412 + 9 \cdot 270, $$

which is the desired linear combination.
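The division algorithm (Theorem 3.1.4) and the Euclidean algorithm with its back-substitution (Theorem 3.1.9, Example 3.1.10) are mechanical enough to run. The following Python is an added example written for this edition, not code from the book: `division_algorithm` returns the unique pair (q, r), `euclidean_algorithm` records the chain of divisions exactly as in the statement of the theorem, and `extended_gcd` carries the linear-combination coefficients along with every remainder, which is the iterative form of the substitution in the proof. The function names are my own; the sample inputs are the book's 270 and 2412.

```python
# Added example (not from the book): Theorem 3.1.4 (division algorithm),
# Theorem 3.1.9 (Euclidean algorithm) and the back-substitution of Example 3.1.10.


def division_algorithm(b, a):
    """Return (q, r) with b = q*a + r and 0 <= r < a, for a > 0 (Theorem 3.1.4)."""
    if a <= 0:
        raise ValueError("divisor a must be positive")
    # Python's floor division and modulo give exactly 0 <= r < a when a > 0,
    # also for negative b (e.g. -7 = (-3)*3 + 2).
    q, r = divmod(b, a)
    return q, r


def euclidean_algorithm(b, a):
    """Return the list of divisions (dividend, quotient, divisor, remainder)
    b = q1*a + r1, a = q2*r1 + r2, ... as in Theorem 3.1.9, ending with remainder 0."""
    steps = []
    while a != 0:
        q, r = division_algorithm(b, a)
        steps.append((b, q, a, r))
        b, a = a, r          # the divisor becomes the next dividend
    return steps


def gcd_euclid(b, a):
    """gcd(a, b) for a > 0: the divisor of the last division, i.e. the last nonzero remainder."""
    return euclidean_algorithm(b, a)[-1][2]


def extended_gcd(a, b):
    """Return (d, x, y) with d = gcd(a, b) > 0 and d = x*a + y*b.

    This is the back-substitution of Theorem 3.1.9 done forwards: alongside each
    remainder r_i we keep coefficients (x_i, y_i) with r_i = x_i*a + y_i*b, and the
    relation r_i = r_{i-2} - q_i * r_{i-1} is applied to the coefficients as well.
    """
    if a == 0 and b == 0:
        raise ValueError("gcd(0, 0) is undefined")
    old_r, r = a, b                  # r_{i-1}, r_i
    old_x, x = 1, 0                  # a = 1*a + 0*b
    old_y, y = 0, 1                  # b = 0*a + 1*b
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:                    # normalise to the positive GCD of Definition 3.1.5
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


if __name__ == "__main__":
    for dividend, q, divisor, r in euclidean_algorithm(2412, 270):
        print(f"{dividend} = {q} * {divisor} + {r}")
    d, x, y = extended_gcd(270, 2412)
    print(f"gcd = {d} = {x} * 270 + ({y}) * 2412")
```

Running the block reproduces the three divisions of Example 3.1.10 and the certificate 18 = 9·270 + (−1)·2412. Keeping the coefficients with the remainders, rather than substituting backwards afterwards, is the form used in practice: when gcd(a, n) = 1 the coefficient x is the inverse of a modulo n, which is the computation behind Lemma 3.2.2 later in this chapter.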


The next result that we need is Euclid’s lemma. We stated and proved this in the last 
chapter, but we restate it here. 


Lemma 3.1.11 (Euclid's lemma). If p is a prime and p|ab, then p|a or p|b.


We can now prove the fundamental theorem of arithmetic. Induction suffices to 
show that there always exists such a decomposition into prime factors. 


Lemma 3.1.12. Any integer n > 1 can be expressed as a product of primes, perhaps with only one factor.

Proof. The proof is by induction. n = 2 is prime. Therefore, it is true at the lowest level. Suppose that any integer 2 ≤ k < n can be decomposed into prime factors; we must show that n then also has a prime factorization.

If n is prime, then we are done. Suppose then that n is composite. Hence, n = m_1 m_2 with 1 < m_1 < n, 1 < m_2 < n. By the inductive hypothesis, both m_1 and m_2 can be expressed as products of primes. Therefore, n can also, using the primes from m_1 and m_2, completing the proof.


Before we continue to the fundamental theorem, we mention that the existence of 
a prime decomposition, unique or otherwise, can be used to prove that the set of primes 
is infinite. The proof we give goes back to Euclid and is quite straightforward. 


Theorem 3.1.13. There are infinitely many primes. 


Proof. Suppose that there are only finitely many primes p_1, ..., p_n. Each of these is positive, so we can form the positive integer

$$ N = p_1 p_2 \cdots p_n + 1. $$

From Lemma 3.1.12, N has a prime decomposition. In particular, there is a prime p which divides N. Then

$$ p \mid (p_1 p_2 \cdots p_n + 1). $$

Since the only primes are assumed to be p_1, p_2, ..., p_n, it follows that p = p_i for some i = 1, ..., n. But then p | p_1 p_2 ⋯ p_i ⋯ p_n, so p cannot divide p_1 ⋯ p_n + 1, which is a contradiction. Therefore, p is not one of the given primes, showing that the list of primes must be endless.


We can now prove the fundamental theorem of arithmetic. 


Proof. We assume that n ≥ 1. If n ≤ −1, we use c = −1, and the proof is the same for −n. The statement certainly holds for n = 1 with k = 0. Now suppose n > 1. From Lemma 3.1.12, n has a prime decomposition:

$$ n = p_1 p_2 \cdots p_m. $$

We must show that this is unique up to the ordering of the factors. Suppose then that n has another such factorization n = q_1 q_2 ⋯ q_k with the q_i all prime. We must show that m = k, and that the primes are the same. Now we have

$$ n = p_1 p_2 \cdots p_m = q_1 q_2 \cdots q_k. $$

Assume that k ≥ m. From

$$ n = p_1 p_2 \cdots p_m = q_1 q_2 \cdots q_k $$

it follows that p_1 | q_1 q_2 ⋯ q_k. From Lemma 3.1.11 then, we must have that p_1 | q_i for some i. But q_i is prime, and p_1 > 1, so it follows that p_1 = q_i. Therefore, we can eliminate p_1 and q_i from both sides of the factorization to obtain

$$ p_2 \cdots p_m = q_1 \cdots q_{i-1}\, q_{i+1} \cdots q_k. $$

Continuing in this manner, we can eliminate all the p_i from the left side of the factorization to obtain

$$ 1 = q_{m+1} \cdots q_k. $$

If q_{m+1}, ..., q_k were primes, this would be impossible. Therefore, m = k, and each prime p_i was included in the primes q_1, ..., q_m. Therefore, the factorizations differ only in the order of the factors, proving the theorem.
3.2 Prime Elements, Units and Irreducibles


We now let R be an arbitrary integral domain and attempt to mimic the divisibility definitions and properties.


Definition 3.2.1. Let R be an integral domain.

(1) Suppose that a, b ∈ R. Then a is a factor or divisor of b if there exists a c ∈ R with b = ac. We denote this, as in the integers, by a|b. If a is a factor of b, then b is called a multiple of a.

(2) An element a ∈ R is a unit if a has a multiplicative inverse within R; that is, there exists an element a^{−1} ∈ R with aa^{−1} = 1.

(3) A prime element of R is an element p ≠ 0 such that p is not a unit, and if p|ab, then p|a or p|b.

(4) An irreducible element in R is an element c ≠ 0 such that c is not a unit, and if c = ab, then a or b must be a unit.

(5) a and b in R are associates if there exists a unit e ∈ R with a = eb.


Notice that in the integers Z, the units are just ±1. The set of prime elements coincides with the set of irreducible elements. In Z, these are precisely the set of prime numbers. On the other hand, if K is a field, every nonzero element is a unit. Therefore, in K, there are no prime elements and no irreducible elements.

Recall that the modular rings Z_n are fields (and integral domains) when n is a prime. In general, if n is not a prime, then Z_n is a commutative ring with an identity, and a unit is still an invertible element. We can characterize the units within Z_n.


Lemma 3.2.2. a ∈ Z_n is a unit if and only if (a, n) = 1.


Proof. Suppose (a, n) = 1. Then there exist x, y ∈ Z such that ax + ny = 1. This implies that ax ≡ 1 (mod n), which in turn implies that ax = 1 in Z_n and, therefore, a is a unit.

Conversely, suppose a is a unit in Z_n. Then there is an x ∈ Z_n with ax = 1. In terms of congruences then,

$$ ax \equiv 1 \pmod n \implies n \mid (ax - 1) \implies ax - 1 = ny \implies ax - ny = 1. $$

Therefore, 1 is a linear combination of a and n, and so (a, n) = 1.


If R is an integral domain, then the set of units within R will form a group.


Lemma 3.2.3. If R is a commutative ring with an identity, then the set of units in R forms an Abelian group under ring multiplication. This is called the unit group of R, denoted U(R).


Proof. The commutativity and associativity of U(R) follow from the ring properties. The identity of U(R) is the multiplicative identity of R, whereas the ring multiplicative inverse for each unit is the group inverse. We must show that U(R) is closed under ring multiplication. If a ∈ R is a unit, we denote its multiplicative inverse by a^{−1}. Now suppose a, b ∈ U(R). Then a^{−1}, b^{−1} exist. It follows that

$$ (ab)(b^{-1}a^{-1}) = a(bb^{-1})a^{-1} = aa^{-1} = 1. $$

Hence, ab has an inverse, namely b^{−1}a^{−1} (= a^{−1}b^{−1} in a commutative ring) and, hence, ab is also a unit. Therefore, U(R) is closed under ring multiplication.
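Lemma 3.2.2 gives a computable criterion for the units of Z_n, and Lemma 3.2.3 says that they form a group. The following Python is an added example written for this edition, not code from the book: it lists U(Z_n) from the gcd criterion, cross-checks that list against a brute-force search for inverses (the definition of a unit), and verifies closure under multiplication modulo n. The function names are my own.

```python
# Added example (not from the book): the units of Z_n by Lemma 3.2.2,
# checked against the definition, and the group closure of Lemma 3.2.3.
from math import gcd


def is_unit_mod(a, n):
    """Lemma 3.2.2: the class of a is a unit in Z_n iff gcd(a, n) = 1."""
    return gcd(a % n, n) == 1


def unit_group(n):
    """U(Z_n) as the sorted list of representatives 1 <= a < n with gcd(a, n) = 1."""
    return [a for a in range(1, n) if is_unit_mod(a, n)]


def inverse_by_search(a, n):
    """Brute force: the x in Z_n with a*x = 1, or None if no such x exists.
    This uses only the definition of a unit, not Lemma 3.2.2."""
    for x in range(1, n):
        if (a * x) % n == 1:
            return x
    return None


def check_lemma(n):
    """True if, for every a in Z_n, 'has an inverse' agrees with 'gcd(a, n) = 1'."""
    return all((inverse_by_search(a, n) is not None) == is_unit_mod(a, n)
               for a in range(n))


def unit_group_closed(n):
    """Lemma 3.2.3 for R = Z_n: the product of two units is again a unit."""
    units = set(unit_group(n))
    return all((a * b) % n in units for a in units for b in units)


if __name__ == "__main__":
    for n in (7, 12, 15):
        print(f"U(Z_{n}) = {unit_group(n)}, criterion agrees: {check_lemma(n)}, "
              f"closed: {unit_group_closed(n)}")
```

For a prime n every nonzero class is a unit, matching the remark that Z_n is then a field; for composite n the list is exactly the classes coprime to n, so, for example, 4 has no inverse in Z_12 while 5 is its own inverse.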


In general, irreducible elements are not prime. Consider, for example, the subring of the complex numbers (see exercises) given by

$$ R = \mathbb{Z}[i\sqrt{5}] = \{\, x + iy\sqrt{5} : x, y \in \mathbb{Z} \,\}. $$

This is a subring of the complex numbers C and, hence, can have no zero divisors. Therefore, R is an integral domain.

For an element x + iy√5 ∈ R, define its norm by

$$ N(x + iy\sqrt{5}) = |x + iy\sqrt{5}|^2 = x^2 + 5y^2. $$

Since x, y ∈ Z, it is clear that the norm of an element in R is a nonnegative integer. Furthermore, if a ∈ R with N(a) = 0, then a = 0.

We have the following result concerning the norm:


Lemma 3.2.4. Let R and N be as above. Then
(1) N(ab) = N(a)N(b) for any elements a, b ∈ R.
(2) The units of R are those a ∈ R with N(a) = 1. In R, the only units are ±1.


Proof. The fact that the norm is multiplicative is straightforward and left to the exercises. If a ∈ R is a unit, then there exists a multiplicative inverse b ∈ R with ab = 1. Then N(ab) = N(a)N(b) = 1. Since both N(a) and N(b) are nonnegative integers, we must have N(a) = N(b) = 1.

Conversely, suppose that N(a) = 1. If a = x + iy√5, then x² + 5y² = 1. Since x, y ∈ Z, we must have y = 0 and x² = 1. Then a = x = ±1.


Using this lemma we can show that R possesses irreducible elements that are not 
prime. 


Lemma 3.2.5. Let R be as above. Then 3 = 3 + i0√5 is an irreducible element in R, but 3 is not prime.


Proof. Suppose that 3 = ab with a, b ∈ R and a, b nonunits. Then N(3) = 9 = N(a)N(b) with neither N(a) = 1 nor N(b) = 1. Hence, N(a) = 3 and N(b) = 3. Let a = x + iy√5. It follows that x² + 5y² = 3. Since x, y ∈ Z, this is impossible. Therefore, one of a or b must be a unit, and 3 is an irreducible element.

We show that 3 is not prime in R. Let a = 2 + i√5 and b = 2 − i√5. Then ab = 9 and, hence, 3|ab. Suppose 3|a, so that a = 3c for some c ∈ R. Then

$$ 9 = N(a) = N(3)N(c) = 9N(c) \implies N(c) = 1. $$

Therefore, c is a unit in R, and from Lemma 3.2.4, we get c = ±1. Hence, a = ±3. This is a contradiction, so 3 does not divide a. An identical argument shows that 3 does not divide b. Therefore, 3 is not a prime element in R.


We now examine the relationship between prime elements and irreducibles. 


Theorem 3.2.6. Let R be an integral domain. Then

(1) Each prime element of R is irreducible.

(2) p ∈ R is a prime element if and only if p ≠ 0, and (p) = pR is a prime ideal.

(3) p ∈ R is irreducible if and only if p ≠ 0, and (p) = pR is maximal in the set of all principal ideals of R which are not equal to R.


Proof. (1) Suppose that p ∈ R is a prime element, and p = ab. We must show that either a or b must be a unit. Now p|ab, so either p|a or p|b. Without loss of generality, we may assume that p|a, so a = pr for some r ∈ R. Hence, p = ab = (pr)b = p(rb). However, R is an integral domain, so p − prb = p(1 − rb) = 0 implies that 1 − rb = 0 and, hence, rb = 1. Therefore, b is a unit and, hence, p is irreducible.

(2) Suppose that p is a prime element. Then p ≠ 0. Consider the ideal pR, and suppose that ab ∈ pR. Then ab is a multiple of p and, hence, p|ab. Since p is prime, it follows that p|a or p|b. If p|a, then a ∈ pR, whereas if p|b, then b ∈ pR. Therefore, pR is a prime ideal.

Conversely, suppose that pR is a prime ideal, and suppose that p|ab. Then ab ∈ pR, so a ∈ pR or b ∈ pR. If a ∈ pR, then p|a, and if b ∈ pR, then p|b. Therefore, p is prime.

(3) Let p be irreducible; then p ≠ 0. Suppose that pR ⊂ aR, where a ∈ R. Then p = ra for some r ∈ R. Since p is irreducible, it follows that either a is a unit or r is a unit. If r is a unit, we have pR = raR = aR ≠ R, since p is not a unit. If a is a unit, then aR = R, and pR = rR ≠ R. Therefore, pR is maximal in the set of principal ideals not equal to R. Conversely, suppose p ≠ 0 and pR is a maximal ideal in the set of principal ideals ≠ R. Let p = ab with a not a unit. We must show that b is a unit. Since aR ≠ R and pR ⊂ aR, from the maximality we must have pR = aR. Hence, a = rp for some r ∈ R. Then p = ab = rpb and, as before, we must have rb = 1 and b a unit.


Theorem 3.2.7. Let R be a principal ideal domain. Then we have the following:

(1) An element p ∈ R is irreducible if and only if it is a prime element.

(2) A nonzero ideal of R is a maximal ideal if and only if it is a prime ideal.

(3) The maximal ideals of R are precisely those ideals pR, where p is a prime element.


Proof. First note that {0} is a prime ideal, but not maximal.

(1) We already know that prime elements are irreducible. To show the converse, suppose that p is irreducible. Since R is a principal ideal domain, from Theorem 3.2.6 we have that pR is a maximal ideal, and each maximal ideal is also a prime ideal. Therefore, from Theorem 3.2.6, we have that p is a prime element.

(2) We already know that each maximal ideal is a prime ideal. To show the converse, suppose that I ≠ {0} is a prime ideal. Then I = pR, where p is a prime element with p ≠ 0. Therefore, p is irreducible from part (1) and, hence, pR is a maximal ideal from Theorem 3.2.6.

(3) This follows directly from the proof in part (2) and Theorem 3.2.6.


This theorem especially explains the following remark at the end of Section 2.3: in the principal ideal domain Z, a proper ideal is maximal if and only if it is a prime ideal.


3.3 Unique Factorization Domains 


We now consider integral domains where there is unique factorization into primes. If R is an integral domain and a, b ∈ R, then we say that a and b are associates if there exists a unit e ∈ R with a = eb.


Definition 3.3.1. An integral domain D is a unique factorization domain or UFD if for each d ∈ D either d = 0, d is a unit, or d has a factorization into primes, which is unique up to ordering and unit factors. This means that if

$$ d = p_1 \cdots p_m = q_1 \cdots q_k, $$

then m = k, and each p_i is an associate of some q_j.


There are several relationships in integral domains that are equivalent to unique 
factorization. 


Definition 3.3.2. Let R be an integral domain.

(1) R has property (A) if and only if for each nonunit a ≠ 0 there are irreducible elements q_1, ..., q_r ∈ R satisfying a = q_1 ⋯ q_r.

(2) R has property (A′) if and only if for each nonunit a ≠ 0 there are prime elements p_1, ..., p_r ∈ R satisfying a = p_1 ⋯ p_r.

(3) R has property (B) if and only if whenever q_1, ..., q_r and q′_1, ..., q′_s are irreducible elements of R with q_1 ⋯ q_r = q′_1 ⋯ q′_s, then r = s, and there is a permutation π ∈ S_r such that for each i ∈ {1, ..., r} the elements q_i and q′_{π(i)} are associates (uniqueness up to ordering and unit factors).

(4) R has property (C) if and only if each irreducible element of R is a prime element.


Notice that properties (A) and (C) together are equivalent to what we defined as 
unique factorization. Hence, an integral domain satisfying (A) and (C) is a UFD. Next, we 
show that there are other equivalent formulations. 


Theorem 3.3.3. In an integral domain R, the following are equivalent:

(1) R is a UFD.
(2) R satisfies properties (A) and (B).
(3) R satisfies properties (A) and (C).
(4) R satisfies property (A′).


Proof. As remarked before, properties (A) and (C) together are, by definition, equivalent to unique factorization, so (1) and (3) are equivalent. We show here that (2), (3), and (4) are equivalent.

First, we show that (2) implies (3).

Suppose that R satisfies properties (A) and (B). We must show that it also satisfies (C); that is, we must show that if q ∈ R is irreducible, then q is prime. Suppose that q ∈ R is irreducible and q|ab with a, b ∈ R. Then we have ab = cq for some c ∈ R. If a is a unit, from ab = cq we get that b = a^{−1}cq, and q|b. The result is identical if b is a unit. Therefore, we may assume that neither a nor b is a unit.

If c = 0, then since R is an integral domain, either a = 0 or b = 0, and q|a or q|b. We may assume then that c ≠ 0.

If c is a unit, then q = c^{−1}ab, and since q is irreducible, either c^{−1}a or b is a unit. If c^{−1}a is a unit, then a is also a unit. Therefore, if c is a unit, either a or b is a unit, contrary to our assumption.

Therefore, we may assume that c ≠ 0, and c is not a unit. From (A) we have

$$
\begin{aligned}
a &= q_1 \cdots q_r, \\
b &= q'_1 \cdots q'_s, \\
c &= q''_1 \cdots q''_t,
\end{aligned}
$$

where q_1, ..., q_r, q′_1, ..., q′_s, q″_1, ..., q″_t are all irreducibles. Hence,

$$ q_1 \cdots q_r \, q'_1 \cdots q'_s = q \, q''_1 \cdots q''_t. $$

From (B), q is an associate of some q_i or q′_j. Hence, q|q_i or q|q′_j. It follows that q|a or q|b and, therefore, q is a prime element.

That (3) implies (4) is direct. 

We show that (4) implies (2). Suppose that R satisfies (A′). We must show that it satisfies both (A) and (B). We show first that (A) follows from (A′) by showing that irreducible elements are prime. Suppose that q is irreducible. Then from (A′), we have

$$ q = p_1 \cdots p_r $$

with each p_i prime. It follows, without loss of generality, that p_2 ⋯ p_r is a unit, and p_1 is a nonunit and, hence, p_i | 1 for i = 2, ..., r. Thus, q = p_1, and q is prime. Therefore, (A) holds.

We now show that (B) holds. Let

$$ q_1 \cdots q_r = q'_1 \cdots q'_s, $$

where the q_i, q′_j are all irreducibles, hence primes. Then

$$ q'_1 \mid q_1 \cdots q_r, $$

and so q′_1 | q_i for some i. Without loss of generality, suppose q′_1 | q_1. Then q_1 = a q′_1. Since q_1 is irreducible, it follows that a is a unit, and q_1 and q′_1 are associates. It follows then that

$$ a\, q_2 \cdots q_r = q'_2 \cdots q'_s, $$

since R has no zero divisors. Property (B) holds then by induction, and the theorem is proved. □


Note that in our new terminology, Z is a UFD. In the next section, we will present other examples of UFDs. However, not every integral domain is a unique factorization domain.

As we defined in the last section, let R be the following subring of C:

$$ R = \mathbb{Z}[i\sqrt{5}] = \{\, x + iy\sqrt{5} : x, y \in \mathbb{Z} \,\}. $$

R is an integral domain, and we showed, using the norm, that 3 is an irreducible in R. Analogously, we can show that the elements 2 + i√5, 2 − i√5 are also irreducibles in R, and furthermore, 3 is not an associate of either 2 + i√5 or 2 − i√5. Then

$$ 9 = 3 \cdot 3 = (2 + i\sqrt{5})(2 - i\sqrt{5}) $$

gives two different decompositions of an element in terms of irreducible elements. The fact that R is not a UFD also follows from the fact that 3 is an irreducible element which is not prime.
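Lemma 3.2.4, Lemma 3.2.5 and the two factorizations of 9 just given can all be checked with exact integer arithmetic. The following Python is an added example written for this edition, not code from the book: elements of R = Z[i√5] are integer pairs (x, y) standing for x + iy√5, divisibility in R is decided through the norm (b/a = b·ā / N(a) must have integer parts), and irreducibility is tested by the norm-divisor argument of the proof of Lemma 3.2.5, generalized from N(a) = 9 to any element. The function names are my own.

```python
# Added example (not from the book): arithmetic in R = Z[i sqrt(5)] with the
# norm N(x + iy sqrt 5) = x^2 + 5y^2 (Lemma 3.2.4), used to check Lemma 3.2.5 and
# the two irreducible factorizations of 9. An element x + iy*sqrt(5) is the pair (x, y).
from math import isqrt


def norm(a):
    x, y = a
    return x * x + 5 * y * y


def mul(a, b):
    (x1, y1), (x2, y2) = a, b
    # (x1 + y1 i√5)(x2 + y2 i√5) = (x1 x2 - 5 y1 y2) + (x1 y2 + x2 y1) i√5
    return (x1 * x2 - 5 * y1 * y2, x1 * y2 + x2 * y1)


def divide(b, a):
    """Return c in R with b = a*c if a | b in R, else None.
    Uses b / a = b * conj(a) / N(a); a divides b iff both parts are integers."""
    n = norm(a)
    if n == 0:
        raise ZeroDivisionError("division by 0 in R")
    ax, ay = a
    num = mul(b, (ax, -ay))                # b * conj(a), conj(a) = ax - ay i√5
    if num[0] % n or num[1] % n:
        return None
    return (num[0] // n, num[1] // n)


def is_unit(a):
    """Lemma 3.2.4(2): the units are exactly the elements of norm 1, i.e. +1 and -1."""
    return norm(a) == 1


def are_associates(a, b):
    """a = e*b for a unit e, i.e. b | a with a unit quotient."""
    c = divide(a, b)
    return c is not None and is_unit(c)


def elements_of_norm(n):
    """All x + iy√5 with x^2 + 5y^2 = n; finite since |y| <= sqrt(n/5), |x| <= sqrt(n)."""
    found = set()
    for y in range(-isqrt(n // 5), isqrt(n // 5) + 1):
        rest = n - 5 * y * y
        x = isqrt(rest)
        if x * x == rest:
            found.update({(x, y), (-x, y)})
    return sorted(found)


def is_irreducible(a):
    """A nonzero nonunit a is irreducible iff it has no divisor b with 1 < N(b) < N(a):
    a = b*c with b, c nonunits forces N(b)N(c) = N(a) with both norms > 1 (Lemma 3.2.4)."""
    n = norm(a)
    if n <= 1:
        return False                       # 0 and units are excluded by definition
    for d in range(2, n):
        if n % d == 0:
            if any(divide(a, b) is not None for b in elements_of_norm(d)):
                return False
    return True


def non_prime_witness(p, a, b):
    """True when p | ab but p divides neither a nor b, so p fails Definition 3.2.1(3)."""
    return (divide(mul(a, b), p) is not None
            and divide(a, p) is None and divide(b, p) is None)


if __name__ == "__main__":
    three, alpha, beta = (3, 0), (2, 1), (2, -1)      # 3, 2 + i√5, 2 - i√5
    print("3 irreducible:", is_irreducible(three))
    print("2±i√5 irreducible:", is_irreducible(alpha), is_irreducible(beta))
    print("(2+i√5)(2-i√5) =", mul(alpha, beta))
    print("3 is not prime:", non_prime_witness(three, alpha, beta))
    print("3 associate of 2+i√5:", are_associates(three, alpha))
```

The norm search is what makes the argument finite: x² + 5y² = 3 has no integer solutions, so nothing of norm 3 exists to divide 3, while 3 divides 9 = (2 + i√5)(2 − i√5) without dividing either factor.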

Unique factorization is tied to the famous solution of Fermat's big theorem. Wiles and Taylor in 1995 proved the following:


Theorem 3.3.4. The equation x^p + y^p = z^p has no integral solutions with xyz ≠ 0 for any prime p > 3.


Kummer tried to prove this theorem by attempting to factor x^p = z^p − y^p. We call the statement of Theorem 3.3.4 in an integral domain R property (F_p). Let ε = e^{2πi/p}. Then

$$ z^p - y^p = \prod_{j=0}^{p-1} \bigl(z - \varepsilon^j y\bigr). $$

View this equation in the ring

$$ R = \mathbb{Z}[\varepsilon] = \Bigl\{ \sum_{j=0}^{p-1} a_j \varepsilon^j : a_j \in \mathbb{Z} \Bigr\}. $$

Kummer proved that if R is a UFD, then property (F_p) holds. However, independently, Uchida and Montgomery (1971) showed that R is a UFD only if p ≤ 19 (see [59]).


3.4 Principal Ideal Domains and Unique Factorization 


In this section, we prove that every principal ideal domain (PID) is a unique factorization domain (UFD). We say that an ascending chain of ideals in R

$$ I_1 \subset I_2 \subset \cdots \subset I_n \subset \cdots $$

becomes stationary if there exists an m such that I_r = I_m for all r ≥ m.


Theorem 3.4.1. Let R be an integral domain. If each ascending chain of principal ideals 
in R becomes stationary, then R satisfies property (A). 


Proof.  Suppose that a ≠ 0 is not a unit in R. Suppose that a is not a product of irreducible elements. Clearly then, a cannot itself be irreducible. Hence, a = a_1 b_1 with a_1, b_1 ∈ R, and a_1, b_1 not units. If both a_1 and b_1 can be expressed as a product of irreducible elements, then so can a. Without loss of generality then, suppose that a_1 is not a product of irreducible elements.

Since a_1|a, we have the inclusion of ideals aR ⊂ a_1 R. If a_1 R = aR, then a_1 ∈ aR, and a_1 = ar = a_1 b_1 r, which implies that b_1 is a unit, contrary to our assumption. Therefore, aR ≠ a_1 R, and the inclusion is proper. By iteration then, we obtain a strictly increasing chain of ideals

$$ aR \subset a_1 R \subset \cdots \subset a_n R \subset \cdots. $$

From our hypothesis on R, this must become stationary, contradicting the argument above that each inclusion is proper. Therefore, a must be a product of irreducibles.


Theorem 3.4.2. Each principal ideal domain R is a unique factorization domain. 


Proof. Suppose that R is a principal ideal domain. R satisfies property (C) by Theorem 3.2.7(1). Therefore, to show that it is a unique factorization domain, we must show that it also satisfies property (A). From the previous theorem, it suffices to show that each ascending chain of principal ideals becomes stationary. Consider such an ascending chain

$$ a_1 R \subset a_2 R \subset \cdots \subset a_n R \subset \cdots. $$

Now let

$$ I = \bigcup_{i \ge 1} a_i R. $$

Now I is an ideal in R; hence a principal ideal. Therefore, I = aR for some a ∈ R. Since I is a union, there exists an m such that a ∈ a_m R. Therefore, I = aR ⊂ a_m R and, hence, I = a_m R, and a_i R ⊂ a_m R for all i ≥ m. Therefore, the chain becomes stationary and, from Theorem 3.4.1, R satisfies property (A).


Since we showed that the integers Z are a PID, we can recover the fundamental 
theorem of arithmetic from Theorem 3.4.2. We now present another important example 
of a PID; hence a UFD. In the next chapter, we will look in detail at polynomials with 
coefficients in an integral domain. Below, we consider polynomials with coefficients in 
a field, and for the present leave out many of the details. 

If K is a field and n is a nonnegative integer, then a polynomial of degree n over K is a formal sum of the form

$$ P(x) = a_0 + a_1 x + \cdots + a_n x^n $$

with a_i ∈ K for i = 0, ..., n, a_n ≠ 0, and x an indeterminate. A polynomial P(x) over K is either a polynomial of some degree or the expression P(x) = 0, which is called the zero polynomial and has degree −∞. We denote the degree of P(x) by deg P(x). A polynomial of zero degree has the form P(x) = a_0 and is called a constant polynomial, and can be identified with the corresponding element of K. The elements a_i ∈ K are called the coefficients of P(x); a_n is the leading coefficient. If a_n = 1, P(x) is called a monic polynomial. Two nonzero polynomials are equal if and only if they have the same degree and exactly the same coefficients. A polynomial of degree 1 is called a linear polynomial, whereas one of degree two is a quadratic polynomial.

We denote by K[x] the set of all polynomials over K, and we will show that K[x] becomes a principal ideal domain; hence a unique factorization domain. We first define addition, subtraction, and multiplication on K[x] by algebraic manipulation. That is, suppose P(x) = a_0 + a_1 x + ⋯ + a_n x^n, Q(x) = b_0 + b_1 x + ⋯ + b_m x^m; then

$$ P(x) + Q(x) = (a_0 + b_0) + (a_1 + b_1)x + \cdots; $$

that is, the coefficient of x^i in P(x) + Q(x) is a_i + b_i, where a_i = 0 for i > n, and b_j = 0 for j > m. Multiplication is given by

$$ P(x)Q(x) = (a_0 b_0) + (a_0 b_1 + a_1 b_0)x + (a_0 b_2 + a_1 b_1 + a_2 b_0)x^2 + \cdots + (a_n b_m)x^{n+m}; $$

that is, the coefficient of x^i in P(x)Q(x) is (a_0 b_i + a_1 b_{i−1} + ⋯ + a_i b_0).


Example 3.4.3. Let P(x) = 3x² + 4x − 6 and Q(x) = 2x + 7 be in Q[x]. Then

$$ P(x) + Q(x) = 3x^2 + 6x + 1 $$

and

$$ P(x)Q(x) = (3x^2 + 4x - 6)(2x + 7) = 6x^3 + 29x^2 + 16x - 42. $$
From the definitions, the following degree relationships are clear. The proofs are in the exercises.


Lemma 3.4.4. Let 0 ≠ P(x), 0 ≠ Q(x) in K[x]. Then the following hold:
(1) deg P(x)Q(x) = deg P(x) + deg Q(x).
(2) deg(P(x) + Q(x)) ≤ max(deg P(x), deg Q(x)) if P(x) + Q(x) ≠ 0.


We next obtain the following: 


Theorem 3.4.5. If K is a field, then K[x] forms an integral domain. K can be naturally 
embedded into K[x] by identifying each element of K with the corresponding constant 
polynomial. The only units in K[x] are the nonzero elements of K. 


Proof. Verification of the basic ring properties is solely computational and is left to the exercises. Since deg P(x)Q(x) = deg P(x) + deg Q(x), it follows that if P(x) ≠ 0 and Q(x) ≠ 0, then P(x)Q(x) ≠ 0 and, therefore, K[x] is an integral domain.

If G(x) is a unit in K[x], then there exists an H(x) ∈ K[x] with G(x)H(x) = 1. From the degrees, we have deg G(x) + deg H(x) = 0, and since deg G(x) ≥ 0 and deg H(x) ≥ 0, this is possible only if deg G(x) = deg H(x) = 0. Therefore, G(x) ∈ K.


Now that we have K[x] as an integral domain, we proceed to show that K[x] is a 
principal ideal domain and, hence, there is unique factorization into primes. 

We first repeat the definition of a prime in K[x]. If 0 ≠ f(x) has no nontrivial, nonunit factors (it cannot be factorized into polynomials of lower degree), then f(x) is a prime in K[x] or a prime polynomial. A prime polynomial is also called an irreducible polynomial. Clearly, if deg g(x) = 1, then g(x) is irreducible.

The fact that K[x] is a principal ideal domain follows from the division algorithm 
for polynomials, which is entirely analogous to the division algorithm for integers. 


Lemma 3.4.6 (Division algorithm in K[x]). If 0 ≠ f(x), 0 ≠ g(x) ∈ K[x], then there exist unique polynomials q(x), r(x) ∈ K[x] such that f(x) = q(x)g(x) + r(x), where r(x) = 0 or deg r(x) < deg g(x).

(The polynomials q(x) and r(x) are called, respectively, the quotient and remainder.)


We give a formal proof in Chapter 4 on polynomials and polynomial rings. For now 
we content ourselves here with doing two computations in Q[x] in the following exam- 
ple. 


Example 3.4.7. (1) Let f(x) = 3x⁴ − 6x² + 8x − 6, g(x) = 2x² + 4. Then

$$ \frac{3x^4 - 6x^2 + 8x - 6}{2x^2 + 4} = \frac{3}{2}x^2 - 6 \quad \text{with remainder } 8x + 18. $$

Thus, here, q(x) = (3/2)x² − 6, r(x) = 8x + 18.

(2) Let f(x) = 2x⁵ + 2x⁴ + 6x³ + 10x² + 4x, g(x) = x² + x. Then

$$ \frac{2x^5 + 2x^4 + 6x^3 + 10x^2 + 4x}{x^2 + x} = 2x^3 + 6x + 4. $$

Thus, here, q(x) = 2x³ + 6x + 4, and r(x) = 0.
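Example 3.4.3 and Example 3.4.7 can be reproduced with exact rational arithmetic, which also shows why the division algorithm needs a field: the leading coefficient of g(x) is inverted at every step. The following Python is an added example written for this edition, not code from the book: polynomials over Q are coefficient lists a_0, a_1, ..., a_n with a_n ≠ 0, the zero polynomial is the empty list with degree −∞ as in the text, and `divmod_poly` is the long division of Lemma 3.4.6. The function names are my own.

```python
# Added example (not from the book): Q[x] with the operations of Example 3.4.3
# and the division algorithm of Lemma 3.4.6 / Example 3.4.7.
# A polynomial is a list [a_0, a_1, ..., a_n] of Fractions with a_n != 0; [] is 0.
from fractions import Fraction


def poly(*coeffs):
    """Build a polynomial from a_0, a_1, ... (any Fraction-convertible values);
    trailing zeros are removed so that the last entry is the leading coefficient."""
    p = [Fraction(c) for c in coeffs]
    while p and p[-1] == 0:
        p.pop()
    return p


def degree(p):
    return len(p) - 1 if p else float("-inf")    # deg 0 = -infinity, as in the text


def add(p, q):
    """Coefficient of x^i is a_i + b_i, with a_i = 0 past deg p and b_i = 0 past deg q."""
    n = max(len(p), len(q))
    return poly(*[(p[i] if i < len(p) else 0) + (q[i] if i < len(q) else 0)
                  for i in range(n)])


def mul(p, q):
    """Coefficient of x^k is sum of a_i * b_j over i + j = k."""
    if not p or not q:
        return []
    prod = [Fraction(0)] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            prod[i + j] += a * b
    return poly(*prod)


def divmod_poly(f, g):
    """Long division over Q: return (q, r) with f = q*g + r and r = 0 or deg r < deg g."""
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    q = [Fraction(0)] * max(len(f) - len(g) + 1, 0)
    r = list(f)
    lead = g[-1]
    while r and len(r) >= len(g):
        shift = len(r) - len(g)              # r's leading term is x^(deg g + shift)
        coeff = r[-1] / lead                 # exact in Q; this is where a field is needed
        q[shift] = coeff
        for i, b in enumerate(g):            # subtract coeff * x^shift * g(x)
            r[i + shift] -= coeff * b
        while r and r[-1] == 0:              # the leading term cancels by construction
            r.pop()
    return poly(*q), poly(*r)


def to_str(p, var="x"):
    """Readable form, highest power first, e.g. '6x^3 + 29x^2 + 16x - 42'."""
    if not p:
        return "0"
    terms = []
    for i in range(len(p) - 1, -1, -1):
        c = p[i]
        if c == 0:
            continue
        body = "" if (abs(c) == 1 and i > 0) else str(abs(c))
        body += "" if i == 0 else (var if i == 1 else f"{var}^{i}")
        terms.append(("-" if c < 0 else "+", body))
    out = ("-" if terms[0][0] == "-" else "") + terms[0][1]
    return out + "".join(f" {s} {b}" for s, b in terms[1:])


if __name__ == "__main__":
    P, Q = poly(-6, 4, 3), poly(7, 2)                  # 3x^2 + 4x - 6 and 2x + 7
    print("P + Q =", to_str(add(P, Q)))
    print("P * Q =", to_str(mul(P, Q)))
    f, g = poly(-6, 8, -6, 0, 3), poly(4, 0, 2)        # Example 3.4.7 (1)
    q, r = divmod_poly(f, g)
    print("q =", to_str(q), " r =", to_str(r))
```

Because `divmod_poly` divides by the leading coefficient of g(x), the same code over Z would produce non-integral quotients (as in Example 3.4.7(1), where q(x) has the coefficient 3/2); the division algorithm, and with it the principal-ideal argument of Theorem 3.4.8, is a statement about K[x] for a field K.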


Theorem 3.4.8. Let K be a field. Then the polynomial ring K[x] is a principal ideal do- 
main; hence a unique factorization domain. 


Proof. The proof is essentially analogous to the proof in the integers. Let I be an ideal in K[x] with I ≠ K[x]. Let f(x) be a polynomial in I of minimal degree. We claim that I = (f(x)), the principal ideal generated by f(x). Let g(x) ∈ I. We must show that g(x) is a multiple of f(x). By the division algorithm in K[x], we have

$$ g(x) = q(x)f(x) + r(x), $$

where r(x) = 0 or deg(r(x)) < deg(f(x)). If r(x) ≠ 0, then deg(r(x)) < deg(f(x)). However, r(x) = g(x) − q(x)f(x) ∈ I since I is an ideal, and g(x), f(x) ∈ I. This is a contradiction since f(x) was assumed to be a polynomial in I of minimal degree. Therefore, r(x) = 0 and, hence, g(x) = q(x)f(x) is a multiple of f(x). Therefore, each element of I is a multiple of f(x) and, hence, I = (f(x)).

Therefore, K [x] is a principal ideal domain and, from Theorem 3.4.2, a unique fac- 
torization domain. 


We proved that in a principal ideal domain, every ascending chain of ideals becomes 
stationary. In general, a ring R (commutative or not) satisfies the ascending chain con- 
dition or ACC if every ascending chain of left (or right) ideals in R becomes stationary. 
A ring satisfying the ACC is called a Noetherian ring. 


3.5 Euclidean Domains 


In analyzing the proof of unique factorization in both Z and K [x], it is clear that it de- 
pends primarily on the division algorithm. In Z, the division algorithm depended on 
the fact that the positive integers could be ordered, and in K [x], on the fact that the de- 
grees of nonzero polynomials are nonnegative integers and, hence, could be ordered. 
This basic idea can be generalized in the following way. 


Definition 3.5.1. An integral domain D is a Euclidean domain if there exists a function
N from D* = D \ {0} to the nonnegative integers such that:

(1) N(r_1) ≤ N(r_1 r_2) for any r_1, r_2 ∈ D*.

(2) For all r_1, r_2 ∈ D with r_2 ≠ 0, there exist q, r ∈ D such that

r_1 = q r_2 + r,

where either r = 0, or N(r) < N(r_2).


The function N is called a Euclidean norm on D.


Therefore, Euclidean domains are precisely those integral domains that allow
division algorithms. In the integers Z, define N(z) = |z|. Then N is a Euclidean norm on
Z and, hence, Z is a Euclidean domain. On K[x], define N(p(x)) = deg(p(x)) if p(x) ≠ 0.
Then N is also a Euclidean norm on K[x] so that K[x] is also a Euclidean domain. In any
Euclidean domain, we can mimic the proofs of unique factorization in both Z and K [x] 
to obtain the following: 


Theorem 3.5.2. Every Euclidean domain is a principal ideal domain; hence a unique fac- 
torization domain. 


Before proving this theorem, we must develop some results on the number theory 
of general Euclidean domains. First, some properties of the norm. 


Lemma 3.5.3. If R is a Euclidean domain then the following hold:
(a) N(1) is minimal among {N(r) : r ∈ R*}.

(b) N(u) = N(1) if and only if u is a unit.

(c) N(a) = N(b) for a, b ∈ R* if a, b are associates.

(d) N(a) < N(ab) unless b is a unit.


Proof. (a) From property (1) of Euclidean norms, we have

N(1) ≤ N(1 · r) = N(r) for any r ∈ R*.

(b) Suppose u is a unit. Then there exists $u^{-1}$ with $u \cdot u^{-1} = 1$. Then

$$N(u) \le N(u \cdot u^{-1}) = N(1).$$

From the minimality of N(1), it follows that N(u) = N(1).
Conversely, suppose N(u) = N(1). Apply the division algorithm to get

1 = qu + r.

If r ≠ 0, then N(r) < N(u) = N(1), contradicting the minimality of N(1). Therefore, r = 0,
and 1 = qu. Then u has a multiplicative inverse and, hence, is a unit.
(c) Suppose a, b ∈ R* are associates. Then a = ub with u a unit. Then

N(b) ≤ N(ub) = N(a).

On the other hand, $b = u^{-1}a$. Therefore,

$$N(a) \le N(u^{-1}a) = N(b).$$

Since N(a) ≤ N(b), and N(b) ≤ N(a), it follows that N(a) = N(b).
(d) Suppose N(a) = N(ab). Apply the division algorithm

a = q(ab) + r,

where r = 0, or N(r) < N(ab). If r ≠ 0, then

$$r = a - qab = a(1 - qb) \implies N(ab) = N(a) \le N(a(1 - qb)) = N(r),$$

contradicting that N(r) < N(ab). Hence, r = 0, and a = q(ab) = (qb)a. Then

$$a = (qb)a = 1 \cdot a \implies qb = 1$$

since there are no zero divisors in an integral domain. Hence, b is a unit.
Since N(a) ≤ N(ab), it follows that if b is not a unit, we must have N(a) < N(ab).


We can now prove Theorem 3.5.2. 


Proof. Let D be a Euclidean domain. We show that each ideal I ≠ D in D is principal.
Let I ≠ D be an ideal in D. If I = {0}, then I = (0), and I is principal. Therefore, we
may assume that there are nonzero elements in I. Hence, there are elements x ∈ I with
strictly positive norm. Let a be an element of I of minimal norm. We claim that I = (a).
Let b ∈ I. We must show that b is a multiple of a. Now by the division algorithm

b = qa + r,

where either r = 0, or N(r) < N(a). As in Z and K[x], we have a contradiction if r ≠ 0. In
this case, N(r) < N(a), but r = b − qa ∈ I since I is an ideal, contradicting the minimality
of N(a). Therefore, r = 0, and b = qa and, hence, I = (a).


As a final example of a Euclidean domain, we consider the Gaussian integers
Z[i] = {a + bi : a, b ∈ Z}.


It was first observed by Gauss that this set permits unique factorization. To show this, 
we need a Euclidean norm on Z[i]. 


Definition 3.5.4. If z = a + bi ∈ Z[i], then its norm N(z) is defined by
N(a + bi) = a^2 + b^2.


The basic properties of this norm follow directly from the definition (see exercises). 


Lemma 3.5.5. If α, β ∈ Z[i] then we have the following:
(1) N(α) is an integer for all α ∈ Z[i].
(2) N(α) ≥ 0 for all α ∈ Z[i].
(3) N(α) = 0 if and only if α = 0.
(4) N(α) ≥ 1 for all α ≠ 0.
(5) N(αβ) = N(α)N(β); that is, the norm is multiplicative.


From the multiplicativity of the norm, we have the following concerning primes 
and units in Z[i]. 


Lemma 3.5.6. (1) u ∈ Z[i] is a unit if and only if N(u) = 1.
(2) If π ∈ Z[i] and N(π) = p, where p is an ordinary prime in Z, then π is a prime in Z[i].


Proof. Certainly u is a unit if and only if N(u) = N(1). But in Z[i], we have N(1) = 1.
Therefore, the first part follows.

Suppose next that π ∈ Z[i] with N(π) = p for some prime p ∈ Z. Suppose that π = π_1 π_2.
From the multiplicativity of the norm, we have

N(π) = p = N(π_1)N(π_2).

Since each norm is a positive ordinary integer, and p is a prime, it follows that either
N(π_1) = 1, or N(π_2) = 1. Hence, either π_1 or π_2 is a unit. Therefore, π is a prime in Z[i].


Armed with this norm, we can show that Z[i] is a Euclidean domain.


Theorem 3.5.7. The Gaussian integers Z[i] form a Euclidean domain.


Proof. That Z[i] forms a commutative ring with an identity can be verified directly and
easily. If αβ = 0, then N(α)N(β) = 0, and since there are no zero divisors in Z, we must
have N(α) = 0, or N(β) = 0. But then either α = 0, or β = 0 and, hence, Z[i] is an integral
domain. To complete the proof, we show that the norm N is a Euclidean norm.

From the multiplicativity of the norm, we have, if α, β ≠ 0,

N(αβ) = N(α)N(β) ≥ N(α) since N(β) ≥ 1.

Therefore, property (1) of Euclidean norms is satisfied. We must now show that the
division algorithm holds.

Let α = a + bi and β = c + di be Gaussian integers. Recall that the inverse for a
nonzero complex number z = x + iy is

$$\frac{1}{z} = \frac{\bar{z}}{z\bar{z}} = \frac{x - iy}{x^2 + y^2}.$$

Therefore, as a complex number

$$\frac{\alpha}{\beta} = \alpha \cdot \frac{\bar{\beta}}{\beta\bar{\beta}} = (a + bi)\,\frac{c - di}{c^2 + d^2}
= \frac{ac + bd}{c^2 + d^2} + \frac{bc - ad}{c^2 + d^2}\, i = u + iv.$$

Now since a, b, c, d are integers u, v must be rationals. The set

{u + iv : u, v ∈ Q}

is called the set of the Gaussian rationals.

If u, v ∈ Z, then u + iv ∈ Z[i], α = qβ with q = u + iv, and we are done. Otherwise,
choose ordinary integers m, n satisfying |u − m| ≤ 1/2 and |v − n| ≤ 1/2, and let q = m + in.
Then q ∈ Z[i]. Let r = α − qβ. We must show that N(r) < N(β).

Working with complex absolute value, we get

$$|r| = |\alpha - q\beta| = |\beta| \cdot \Big|\frac{\alpha}{\beta} - q\Big|.$$

Now

$$\Big|\frac{\alpha}{\beta} - q\Big|^2 = |(u - m) + i(v - n)|^2 = (u - m)^2 + (v - n)^2 \le \Big(\frac{1}{2}\Big)^2 + \Big(\frac{1}{2}\Big)^2 < 1.$$

Therefore,

$$|r| < |\beta| \implies |r|^2 < |\beta|^2 \implies N(r) < N(\beta),$$

completing the proof.
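An added example, not from the book: the division step of the proof above for Z[i], with the quotient q chosen by rounding the Gaussian rational α/β to nearest integers, an exhaustive check of the bound N(r) < N(β) on small inputs, and, going one step beyond the text, Euclid's algorithm built on that division. Function names are my own; a + bi is stored as the pair (a, b).

```python
from fractions import Fraction
from math import floor

# Added example (not from the book): Euclidean division in Z[i] as in the
# proof of Theorem 3.5.7.  A Gaussian integer a + bi is the tuple (a, b).

def norm(z):
    """N(a + bi) = a^2 + b^2 (Definition 3.5.4)."""
    a, b = z
    return a * a + b * b

def mul(z, w):
    """(a + bi)(c + di) = (ac - bd) + (ad + bc)i."""
    a, b = z
    c, d = w
    return (a * c - b * d, a * d + b * c)

def sub(z, w):
    return (z[0] - w[0], z[1] - w[1])

def nearest_int(x):
    """An integer m with |x - m| <= 1/2, as the proof requires (ties round up)."""
    return floor(x + Fraction(1, 2))

def gauss_divmod(alpha, beta):
    """Return (q, r) in Z[i] with alpha = q*beta + r and r = 0 or N(r) < N(beta)."""
    if beta == (0, 0):
        raise ZeroDivisionError("division by 0 in Z[i]")
    a, b = alpha
    c, d = beta
    nb = norm(beta)
    # alpha/beta = alpha * conj(beta) / N(beta) = u + iv, a Gaussian rational.
    u = Fraction(a * c + b * d, nb)
    v = Fraction(b * c - a * d, nb)
    q = (nearest_int(u), nearest_int(v))
    r = sub(alpha, mul(q, beta))
    # |alpha/beta - q|^2 <= (1/2)^2 + (1/2)^2 < 1, hence N(r) < N(beta).
    assert norm(r) < nb
    return q, r

def gauss_gcd(alpha, beta):
    """Euclid's algorithm; Theorem 3.5.2 makes this available in any Euclidean
    domain.  The result is a gcd up to a unit factor."""
    while beta != (0, 0):
        alpha, beta = beta, gauss_divmod(alpha, beta)[1]
    return alpha

def division_holds_everywhere(bound):
    """Check alpha = q*beta + r and N(r) < N(beta) for all |a|, |b|, |c|, |d| <= bound."""
    coords = range(-bound, bound + 1)
    for a in coords:
        for b in coords:
            for c in coords:
                for d in coords:
                    if (c, d) == (0, 0):
                        continue
                    q, r = gauss_divmod((a, b), (c, d))
                    if mul(q, (c, d)) != sub((a, b), r) or norm(r) >= norm((c, d)):
                        return False
    return True

if __name__ == "__main__":
    print(gauss_divmod((7, 3), (2, 1)))   # ((3, 0), (1, 0)): 7 + 3i = 3(2 + i) + 1
    print(gauss_gcd((2, 0), (1, 1)))       # (1, 1): 1 + i divides 2 = (1 + i)(1 - i)
```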


Since Z[i] forms a Euclidean domain, it follows from our previous results that Z[i] 
must be a principal ideal domain; hence a unique factorization domain. 


Corollary 3.5.8. The Gaussian integers are a UFD. 


Since we will now be dealing with many kinds of integers, we will refer to the ordi- 
nary integers Z as the rational integers and the ordinary primes p as the rational primes. 
It is clear that Z can be embedded into Z[i]. However, not every rational prime is also 
prime in Z[i]. The primes in Z[i] are called the Gaussian primes. For example, we can 
show that both 1 + i and 1 − i are Gaussian primes; that is, primes in Z[i]. However,
(1 + i)(1 − i) = 2. Therefore, the rational prime 2 is not a prime in Z[i]. Using the multi-
plicativity of the Euclidean norm in Z[i], we can describe all the units and primes in Z[i].


Theorem 3.5.9. (1) The only units in Z[i] are ±1, ±i.
(2) Suppose π is a Gaussian prime. Then π is one of the following:
(a) a positive rational prime p ≡ 3 (mod 4), or an associate of such a rational prime.
(b) 1 + i, or an associate of 1 + i.
(c) a + bi, or a − bi, where a > 0, b > 0, a is even, and N(π) = a^2 + b^2 = p with p a
rational prime congruent to 1 modulo 4, or an associate of a + bi, or a − bi.


Proof. (1) Suppose u = x + iy ∈ Z[i] is a unit. Then, from Lemma 3.5.6, N(u) = x^2 + y^2 = 1,
implying that (x, y) = (0, ±1) or (x, y) = (±1, 0). Hence, u = ±1 or u = ±i.

(2) Now suppose that π is a Gaussian prime. Since $N(\pi) = \pi\bar{\pi}$, and $\bar{\pi} \in Z[i]$, it
follows that π | N(π). N(π) is a rational integer, so N(π) = p_1 ··· p_k, where the p_i's are
rational primes. By Euclid's lemma π | p_i for some p_i and, hence, a Gaussian prime must
divide at least one rational prime. On the other hand, suppose π | p and π | q, where p, q
are different primes. Then (p, q) = 1 and, hence, there exist x, y ∈ Z such that 1 = px + qy.
It follows that π | 1, a contradiction. Therefore, a Gaussian prime divides one and only
one rational prime.

Let p be the rational prime that π divides. Then N(π) | N(p) = p^2. Since N(π) is a
rational integer, it follows that N(π) = p, or N(π) = p^2. If π = a + bi, then a^2 + b^2 = p, or
a^2 + b^2 = p^2.

If p = 2, then a^2 + b^2 = 2, or a^2 + b^2 = 4. It follows that π = ±2, ±2i, or π = 1 + i, or an
associate of 1 + i. Since (1 + i)(1 − i) = 2, and neither 1 + i, nor 1 − i are units, it follows that
neither 2, nor any of its associates are primes. Then π = 1 + i, or an associate of 1 + i. To
see that 1 + i is prime suppose 1 + i = αβ. Then N(1 + i) = 2 = N(α)N(β). It follows that
either N(α) = 1, or N(β) = 1, and either α or β is a unit.

If p ≠ 2, then either p ≡ 3 (mod 4), or p ≡ 1 (mod 4). First suppose p ≡ 3 (mod 4).
Then a^2 + b^2 = p would imply (Fermat's two-square theorem, see [53]) p ≡ 1 (mod 4).
Therefore, from the remarks above a^2 + b^2 = p^2, and N(π) = N(p). Since π | p, we have
p = απ with α ∈ Z[i]. From N(π) = N(p), we get that N(α) = 1, and α is a unit. Therefore,
π and p are associates. Hence, in this case, π is an associate of a rational prime congruent
to 3 modulo 4.

Finally, suppose p ≡ 1 (mod 4). From the remarks above, either N(π) = p, or
N(π) = p^2. If N(π) = p^2, then a^2 + b^2 = p^2. Since p ≡ 1 (mod 4), from Fermat's two-square
theorem, there exist m, n ∈ Z with m^2 + n^2 = p. Let u = m + in, then the norm N(u) = p.
Since p is a rational prime, it follows that u is a Gaussian prime. Similarly, its conjugate
$\bar{u}$ is also a Gaussian prime. Now $u\bar{u} \mid p^2 = N(\pi)$. Since π | N(π), it follows that $\pi \mid u\bar{u}$, and
from Euclid's lemma, either π | u, or $\pi \mid \bar{u}$. If π | u, they are associates since both are primes.
But this is a contradiction since N(π) ≠ N(u). The same is true if $\pi \mid \bar{u}$.

It follows that if p ≡ 1 (mod 4), then N(π) ≠ p^2. Therefore, N(π) = p = a^2 + b^2. An
associate of π has both a, b > 0 (see exercises). Furthermore, since a^2 + b^2 = p, one of
a or b must be even. If a is odd, then b is even; then iπ is an associate of π with a even,
completing the proof.
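An added example, not part of the book: Theorem 3.5.9 (2) turned into a test for Gaussian primes, cross-checked against a brute-force search for proper divisors that relies only on Definition 3.5.4 and the multiplicativity of the norm (Lemma 3.5.5 (5)). Function names are my own; a + bi is stored as the pair (a, b).

```python
# Added example (not from the book): classify Gaussian primes two ways and
# confirm that the two classifications agree on a box of small values.

def is_rational_prime(n):
    """Trial division; enough for the small norms used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True

def norm(z):
    """N(a + bi) = a^2 + b^2 (Definition 3.5.4)."""
    a, b = z
    return a * a + b * b

def is_gaussian_prime_by_theorem(z):
    """Theorem 3.5.9 (2): pi is prime iff N(pi) is a rational prime (cases (b), (c)
    and their associates) or pi is an associate of a rational prime p = 3 (mod 4)."""
    a, b = z
    if is_rational_prime(norm(z)):
        return True
    if a == 0 or b == 0:
        p = abs(a) + abs(b)          # the single nonzero coordinate, if any
        return is_rational_prime(p) and p % 4 == 3
    return False

def divides(alpha, beta):
    """alpha | beta in Z[i]: beta * conj(alpha) / N(alpha) must have integer parts."""
    a, b = alpha
    c, d = beta
    n = norm(alpha)
    if n == 0:
        return beta == (0, 0)
    re = c * a + d * b               # real part of (c + di)(a - bi)
    im = d * a - c * b               # imaginary part of (c + di)(a - bi)
    return re % n == 0 and im % n == 0

def is_gaussian_prime_by_search(z):
    """Brute force: z is prime iff it is neither 0 nor a unit and has no divisor
    alpha with 1 < N(alpha) < N(z).  Norm multiplicativity bounds the search box."""
    n = norm(z)
    if n < 2:
        return False
    bound = int(n ** 0.5) + 1
    for a in range(-bound, bound + 1):
        for b in range(-bound, bound + 1):
            if 1 < norm((a, b)) < n and divides((a, b), z):
                return False
    return True

def classification_agrees(bound):
    """Return the first a + bi with |a|, |b| <= bound on which the two tests
    disagree, or None if the theorem matches the search everywhere."""
    for a in range(-bound, bound + 1):
        for b in range(-bound, bound + 1):
            if is_gaussian_prime_by_theorem((a, b)) != is_gaussian_prime_by_search((a, b)):
                return (a, b)
    return None

if __name__ == "__main__":
    for z in [(1, 1), (2, 0), (3, 0), (5, 0), (2, 1), (2, 3)]:
        print(z, is_gaussian_prime_by_theorem(z))
    print(classification_agrees(12))   # None: the theorem and the search agree
```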


Finally, we mention that the methods used in Z[i] cannot be applied to all quadratic
integers. For example, we have seen that there is not unique factorization in Z[√−5].


3.6 Overview of Integral Domains 


Here we present some additional definitions for special types of integral domains. 


Definition 3.6.1. (1) A Dedekind domain D is an integral domain such that each nonzero
proper ideal A ({0} ≠ A ≠ D) can be written uniquely as a product of prime ideals

$$A = P_1 \cdots P_n$$

with each P_i being a prime ideal and the factorization being unique up to ordering.
(2) A Prüfer ring R is an integral domain such that

$$A \cdot (B \cap C) = AB \cap AC$$

for all ideals A, B, C in R.


Dedekind domains arise naturally in algebraic number theory. It can be proved that 
the rings of algebraic integers in any algebraic number field are Dedekind domains 
(see [53]). If R is a Dedekind domain, it is also a Prüfer ring. If R is a Prüfer ring and
a unique factorization domain, then R is a principal ideal domain. In the next chapter, 
we will prove a Gaussian theorem which states that if R is a UFD, then the polynomial 
ring R[x] is also a UFD. If K is a field, we have already seen that K[x] is a UFD. Hence, 
the polynomial ring in several variables K[x_1, ..., x_n] is also a UFD. This fact plays an
important role in algebraic geometry. 


3.7 Exercises 


1. Let R be an integral domain, and let π ∈ R \ (U(R) ∪ {0}). Show the following:

(i) If for each a ∈ R with π ∤ a, there exist λ, μ ∈ R with λπ + μa = 1, then π is a
prime element of R.

(ii) Give an example for a prime element π in a UFD R, which does not satisfy the
conditions of (i).

2. Let R be a UFD, and let a_1, ..., a_n be pairwise coprime elements of R. If a_1 ··· a_n is an
m-th power (m ∈ N), then all factors a_i are associates of an m-th power. Is each a_i
necessarily an m-th power?

3. Decide if the unit group of Z[√k] = {a + b√k : a, b ∈ Z}, k = 3, 5, 7, is finite or infinite.
For which a ∈ Z are (1 − √5) and (a + √5) associates in Z[√5]?

4. Let k ∈ Z and k ≠ x^2 for all x ∈ Z. Let α = a + b√k and β = c + d√k be elements of
Z[√k], and N(α) = a^2 − kb^2, N(β) = c^2 − kd^2. Show the following:

(i) The equality of the absolute values of N(α) and N(β) is necessary for the
association of α and β in Z[√k]. Is this constraint also sufficient?

(ii) Sufficient for the irreducibility of α in Z[√k] is the irreducibility of N(α) in Z.
Is this also necessary?

5. In general irreducible elements are not prime. Consider the set of complex numbers
given by

R = Z[i√5] = {x + iy√5 : x, y ∈ Z}.

Show that they form a subring of C.

6. For an element x + iy√5 ∈ R define its norm by

N(x + iy√5) = |x + iy√5|^2 = x^2 + 5y^2.

Prove that the norm is multiplicative, that is N(ab) = N(a)N(b).

7. Prove Lemma 3.4.4.

8. Prove that the set of polynomials R[x] with coefficients in a ring R forms a ring.

9. Prove the basic properties of the norm of the Gaussian integers. If α, β ∈ Z[i], then:
(i) N(α) is an integer for all α ∈ Z[i].
(ii) N(α) ≥ 0 for all α ∈ Z[i].
(iii) N(α) = 0 if and only if α = 0.
(iv) N(α) ≥ 1 for all α ≠ 0.
(v) N(αβ) = N(α)N(β), that is the norm is multiplicative.


4 Polynomials and Polynomial Rings 


4.1 Degrees, Reducibility and Roots 


In the last chapter, we saw that if K is a field, then the set of polynomials with coefficients 
in K, which we denoted K [x], forms a unique factorization domain. In this chapter, we 
take a more detailed look at polynomials over a general ring R. We then prove that if 
R is a UFD, then the polynomial ring R[x] is also a UFD. We first take a formal look at 
polynomials. 

Let R be a commutative ring with an identity. Consider the set $\tilde{R}$ of functions f from
the nonnegative integers $\mathbb{N}_0 = \mathbb{N} \cup \{0\}$ into R with only a finite number of values nonzero.
That is,

$$\tilde{R} = \{f : \mathbb{N}_0 \to R : f(n) \ne 0 \text{ for only finitely many } n\}.$$

On $\tilde{R}$, we define the following addition and multiplication:

$$(f + g)(n) = f(n) + g(n), \qquad (f \cdot g)(n) = \sum_{i + j = n} f(i)g(j).$$

If we let x = (0, 1, 0, ...) and identify (r, 0, ...) with r ∈ R, then

$$x^0 = (1, 0, \ldots) = 1, \quad\text{and}\quad x^{i+1} = x^i \cdot x.$$

Now if f = (r_0, r_1, r_2, ...), then f can be written as

$$f = \sum_{i=0}^{m} r_i x^i$$

for some m ≥ 0 since r_i ≠ 0 for only finitely many i. Furthermore, this presentation
is unique. We now call x an indeterminate over R, and write each element of $\tilde{R}$ as
$f(x) = \sum_{i=0}^{m} r_i x^i$ with f(x) = 0 or r_m ≠ 0. We also now write R[x] for $\tilde{R}$. Each element of
R[x] is called a polynomial over R. The elements r_0, ..., r_m are called the coefficients of
f(x) with r_m the leading coefficient. If r_m ≠ 0, the nonnegative integer m is called the
degree of f(x), which we denote by deg f(x). We say that f(x) = 0 has degree −∞. The
uniqueness of the representation of a polynomial implies that two nonzero polynomi- 
als are equal if and only if they have the same degree and exactly the same coefficients. 
A polynomial of degree 1 is called a linear polynomial, whereas one of degree two is a 
quadratic polynomial. The set of polynomials of degree 0, together with 0, form a ring 
isomorphic to R and, hence, can be identified with R, the constant polynomials. Thus, the 
ring R embeds in the set of polynomials R[x]. The following results are straightforward 
concerning degree: 


https://doi.org/10.1515/9783111142524-004 
Lemma 4.1.1. Let f(x) ≠ 0, g(x) ≠ 0 ∈ R[x]. Then the following hold:
(a) deg f(x)g(x) ≤ deg f(x) + deg g(x).
(b) deg(f(x) + g(x)) ≤ max(deg f(x), deg g(x)).


If R is an integral domain, then we have equality in (a). 


Theorem 4.1.2. Let R be a commutative ring with an identity. Then the set of polynomials 
R[x] forms a ring called the ring of polynomials over R. The ring R identified with 0 and the
polynomials of degree 0 naturally embeds into R[x]. R[x] is commutative. Furthermore, 
R[x] is uniquely determined by R and x. 


Proof. Set $f(x) = \sum_{i=0}^{n} r_i x^i$ and $g(x) = \sum_{j=0}^{m} s_j x^j$. The ring properties follow directly by
computation. The identification of r ∈ R with the polynomial r(x) = r provides the
embedding of R into R[x]. From the definition of multiplication in R[x], if R is commutative,
then R[x] is commutative. Note that if R has a multiplicative identity 1 ≠ 0, then this is
also the multiplicative identity of R[x].

Finally, if S is a ring that contains R and a ∈ S, then

$$R[a] = \Big\{ \sum_{i \ge 0} r_i a^i : r_i \in R, \text{ and } r_i \ne 0 \text{ for only a finite number of } i \Big\}$$

is a homomorphic image of R[x] via the map

$$\sum_{i \ge 0} r_i x^i \mapsto \sum_{i \ge 0} r_i a^i.$$

Hence, R[x] is uniquely determined by R and x. We remark that R[a] must be commutative.


If R is an integral domain, then irreducible polynomials are defined as irreducibles 
in the ring R[x]. If R is a field, then f(x) is an irreducible polynomial if there is no fac- 
torization f(x) = g(x)h(x), where g(x) and h(x) are polynomials of lower degree than 
f(x). Otherwise, f(x) is called reducible. In elementary mathematics, polynomials are 
considered as functions. We recover that idea via the concept of evaluation. 


Definition 4.1.3. Let f(x) = r_0 + r_1 x + ··· + r_n x^n be a polynomial over a commutative
ring R with an identity, and let c ∈ R. Then the element

f(c) = r_0 + r_1 c + ··· + r_n c^n ∈ R

is called the evaluation of f(x) at c.


Definition 4.1.4. If f(x) ∈ R[x] and f(c) = 0 for c ∈ R, then c is called a zero or a root of
f in R.


4.2 Polynomial Rings over Fields


We now restate some of the results of the last chapter for K[x], where K is a field. We
then consider some consequences of these results to zeros of polynomials. 


Theorem 4.2.1. If K is a field, then K[x] forms an integral domain. K can be naturally 
embedded into K[x] by identifying each element of K with the corresponding constant 
polynomial. The only units in K[x] are the nonzero elements of K. 


Proof. Verification of the basic ring properties is solely computational and is left to the 
exercises. Since deg P(x)Q(x) = deg P(x) + deg Q(x), it follows that if P(x) ≠ 0 and
Q(x) ≠ 0, then P(x)Q(x) ≠ 0. Therefore, K[x] is an integral domain.

If G(x) is a unit in K[x], then there exists an H(x) ∈ K[x] with G(x)H(x) = 1.

From the degrees, we have deg G(x) + deg H(x) = 0, and since deg G(x) ≥ 0,
deg H(x) ≥ 0. This is possible only if deg G(x) = deg H(x) = 0. Therefore, G(x) ∈ K.


Now that we have K[x] as an integral domain, we proceed to show that K[x] is a 
principal ideal domain and, hence, there is unique factorization into primes. We first 
repeat the definition of a prime in K[x]. If 0 ≠ f(x) has no nontrivial, nonunit factors (it
cannot be factorized into polynomials of lower degree), then f(x) is a prime in K[x] or 
a prime polynomial. A prime polynomial is also called an irreducible polynomial over K. 
Clearly, if deg g(x) = 1, then g(x) is irreducible. 

The fact that K[x] is a principal ideal domain follows from the division algorithm 
for polynomials, which is entirely analogous to the division algorithm for integers. 


Theorem 4.2.2 (Division algorithm in K[x]). If 0 ≠ f(x), 0 ≠ g(x) ∈ K[x], then there exist
unique polynomials q(x), r(x) ∈ K[x] such that f(x) = q(x)g(x) + r(x), where r(x) = 0, or
deg r(x) < deg g(x). (The polynomials q(x) and r(x) are called respectively the quotient
and remainder.)

Proof. If deg f(x) = 0 and deg g(x) ≥ 1, then we just choose q(x) = 0, and r(x) = f(x). If
deg f(x) = 0 = deg g(x), then f(x) = f ∈ K, and g(x) = g ∈ K, and we choose q(x) = f/g and
r(x) = 0. Hence, Theorem 4.2.2 is proved for deg f(x) = 0, also certainly the uniqueness
statement.

Now, let n > 0 and Theorem 4.2.2 be proved for all f(x) ∈ K[x] with deg f(x) < n.
Now, given

$$f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + a_0, \quad\text{with } a_n \ne 0, \text{ and}$$

$$g(x) = b_m x^m + b_{m-1} x^{m-1} + \cdots + b_1 x + b_0, \quad\text{with } b_m \ne 0,\ m \ge 0.$$

If m > n, then just choose q(x) = 0 and r(x) = f(x).
Now, finally, let 0 ≤ m ≤ n. We define

$$h(x) = f(x) - \frac{a_n}{b_m} x^{n-m} g(x).$$

We have deg h(x) < n. Hence, by induction assumption, there are q_1(x) and r(x) with
h(x) = q_1(x)g(x) + r(x) and deg r(x) < deg g(x). Then

$$f(x) = h(x) + \frac{a_n}{b_m} x^{n-m} g(x)
= \Big(q_1(x) + \frac{a_n}{b_m} x^{n-m}\Big) g(x) + r(x)
= q(x)g(x) + r(x) \quad\text{with } q(x) = \frac{a_n}{b_m} x^{n-m} + q_1(x),$$

which proves the existence.
We now show the uniqueness. Let

$$f(x) = q_1(x)g(x) + r_1(x) = q_2(x)g(x) + r_2(x),$$

with

deg r_1(x) < deg g(x), and deg r_2(x) < deg g(x).

Assume r_1(x) ≠ r_2(x). Let deg r_1(x) ≥ deg r_2(x). We get

$$(q_2(x) - q_1(x))g(x) = r_1(x) - r_2(x),$$

which gives a contradiction because deg(r_1(x) − r_2(x)) < deg g(x), and q_2(x) − q_1(x) ≠ 0
if r_1(x) ≠ r_2(x). Therefore, r_1(x) = r_2(x), and furthermore q_1(x) = q_2(x) because K[x] is
an integral domain.


Example 4.2.3. Let f(x) = 2x^3 + x^2 − 5x + 3, g(x) = x^2 + x + 1. Then

$$\frac{2x^3 + x^2 - 5x + 3}{x^2 + x + 1} = 2x - 1 \quad\text{with remainder } -6x + 4.$$

Hence, q(x) = 2x − 1, r(x) = −6x + 4, and

2x^3 + x^2 − 5x + 3 = (2x − 1)(x^2 + x + 1) + (−6x + 4).


Theorem 4.2.4. Let K be a field. Then the polynomial ring K[x] is a principal ideal domain,
and hence a unique factorization domain. 


We now give some consequences relative to zeros of polynomials in K [x]. 


Theorem 4.2.5. If f(x) ∈ K[x] and c ∈ K with f(c) = 0, then

f(x) = (x − c)h(x),


where deg h(x) < deg f(x). 
Proof. Divide f(x) by x − c. Then by the division algorithm, we have

f(x) = (x − c)h(x) + r(x),

where r(x) = 0, or deg r(x) < deg(x − c) = 1. Hence, if r(x) ≠ 0, then r(x) is a polynomial
of degree 0, that is, a constant polynomial, and thus r(x) = r for r ∈ K. Hence, we have

f(x) = (x − c)h(x) + r.

This implies that

0 = f(c) = 0 · h(c) + r = r

and, therefore, r = 0, and f(x) = (x − c)h(x). Since deg(x − c) = 1, we must have that
deg h(x) < deg f(x).
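An added example, not from the book: polynomials over K = Q stored as the finitely supported coefficient sequences of Section 4.1 with the convolution product, the division algorithm carried out exactly as the induction step in the proof of Theorem 4.2.2, and division by x − c as in Theorem 4.2.5. It reproduces Examples 3.4.7 and 4.2.3; function names are my own.

```python
from fractions import Fraction

# Added example (not from the book).  A polynomial over Q is the coefficient
# list [r_0, r_1, ..., r_m], lowest degree first; the zero polynomial is [].

def normalize(p):
    """Convert to Fractions and drop trailing zeros, so p[-1] is the leading coefficient."""
    p = [Fraction(c) for c in p]
    while p and p[-1] == 0:
        p.pop()
    return p

def degree(p):
    """deg p; the text gives the zero polynomial degree -infinity, we return -1."""
    return len(normalize(p)) - 1

def add(f, g):
    """(f + g)(n) = f(n) + g(n)."""
    n = max(len(f), len(g))
    f = list(f) + [0] * (n - len(f))
    g = list(g) + [0] * (n - len(g))
    return normalize([a + b for a, b in zip(f, g)])

def mul(f, g):
    """(f * g)(n) = sum of f(i) g(j) over all i + j = n, the product of Section 4.1."""
    f, g = normalize(f), normalize(g)
    if not f or not g:
        return []
    prod = [Fraction(0)] * (len(f) + len(g) - 1)
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            prod[i + j] += fi * gj
    return normalize(prod)

def scale_shift(c, k, g):
    """The polynomial c * x^k * g(x)."""
    return normalize([Fraction(0)] * k + [c * gj for gj in g])

def divmod_poly(f, g):
    """Theorem 4.2.2: return (q, r) with f = q g + r and r = 0 or deg r < deg g."""
    f, g = normalize(f), normalize(g)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r = [], f
    # Each pass forms h(x) = r(x) - (a_n / b_m) x^(n-m) g(x), the step of the
    # proof, and adds (a_n / b_m) x^(n-m) to the quotient.
    while r and len(r) >= len(g):
        n, m = len(r) - 1, len(g) - 1
        c = r[-1] / g[-1]
        q = add(q, scale_shift(c, n - m, [1]))
        r = add(r, scale_shift(-c, n - m, g))
    return q, r

def check_division(f, g):
    """True when divmod_poly satisfies both conditions of Theorem 4.2.2."""
    q, r = divmod_poly(f, g)
    return add(mul(q, g), r) == normalize(f) and (not r or degree(r) < degree(g))

def evaluate(f, c):
    """f(c) = r_0 + r_1 c + ... + r_n c^n (Definition 4.1.3), accumulated Horner-style."""
    acc = Fraction(0)
    for coeff in reversed(normalize(f)):
        acc = acc * Fraction(c) + coeff
    return acc

def divide_by_linear(f, c):
    """Theorem 4.2.5: f(x) = (x - c) h(x) + r with constant r; r = 0 iff c is a zero."""
    h, r = divmod_poly(f, [-c, 1])
    return h, (r[0] if r else Fraction(0))

if __name__ == "__main__":
    # Example 3.4.7 (1): 3x^4 - 6x^2 + 8x - 6 divided by 2x^2 + 4
    print(divmod_poly([-6, 8, -6, 0, 3], [4, 0, 2]))   # q = 3/2 x^2 - 6, r = 8x + 18
    # Example 4.2.3: 2x^3 + x^2 - 5x + 3 divided by x^2 + x + 1
    print(divmod_poly([3, -5, 1, 2], [1, 1, 1]))       # q = 2x - 1, r = -6x + 4
    print(divide_by_linear([-1, 0, 0, 1], 1))          # x^3 - 1 = (x - 1)(x^2 + x + 1)
```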


If f(x) = (x − c)^k h(x) for some k ≥ 1 with h(c) ≠ 0, then c is called a zero of order k.


Theorem 4.2.6. Let f(x) ∈ K[x] with degree 2 or 3. Then f is irreducible if and only if f(x)
does not have a zero in K. 


Proof. Suppose that f(x) is irreducible of degree 2 or 3. If f(x) has a zero c, then from
Theorem 4.2.5, we have f(x) = (x − c)h(x) with h(x) of degree 1 or 2. Therefore, f(x) is
reducible, a contradiction and, hence, f(x) cannot have a zero.

From Theorem 4.2.5, if f(x) has a zero and is of degree greater than 1, then f(x) is 
reducible. 

If f(x) is reducible, then f(x) = g(x)h(x) with deg g(x) = 1 and, hence, f(x) has a 
zero in K. 


4.3 Polynomial Rings over Integral Domains 


Here we consider R[x] where R is an integral domain. 


Definition 4.3.1. Let R be an integral domain. Then a_1, a_2, ..., a_n ∈ R are coprime if the
set of all common divisors of a_1, a_2, ..., a_n consists only of units.


Notice, for example, that this concept depends on the ring R. For example, 6 and 9
are not coprime over the integers Z since 3 | 6 and 3 | 9 and 3 is not a unit. However, 6 and
9 are coprime over the rationals Q. Here, 3 is a unit.


Definition 4.3.2. Let $f(x) = \sum_{i=0}^{n} r_i x^i \in R[x]$, where R is an integral domain. Then f(x) is
a primitive polynomial or just primitive if r_0, r_1, ..., r_n are coprime in R.


Theorem 4.3.3. Let R be an integral domain. Then the following hold: 
(a) The units of R[x] are the units of R. 
(b) If p is a prime element of R, then p is a prime element of R[x].
Proof. If r ∈ R is a unit, then since R embeds into R[x], it follows that r is also a unit
in R[x]. Conversely, suppose that h(x) ∈ R[x] is a unit. Then there is a g(x) such that
h(x)g(x) = 1. Hence, deg h(x) + deg g(x) = deg 1 = 0. Since degrees are nonnegative
integers, it follows that deg h(x) = deg g(x) = 0 and, hence, h(x) ∈ R.

Now suppose that p is a prime element of R. Then p ≠ 0, and pR is a prime ideal in R.
We must show that pR[x] is a prime ideal in R[x]. Consider the map

$$\tau : R[x] \to (R/pR)[x] \quad\text{given by}\quad \tau\Big(\sum_{i=0}^{n} r_i x^i\Big) = \sum_{i=0}^{n} (r_i + pR)\, x^i.$$

Then τ is an epimorphism with kernel pR[x]. Since pR is a prime ideal, we know that
R/pR is an integral domain. It follows that (R/pR)[x] is also an integral domain. Hence,
pR[x] must be a prime ideal in R[x], and therefore p is also a prime element of R[x].


Recall that each integral domain R can be embedded into a unique field of frac- 
tions K. We can use results on K [x] to deduce some results in R[x]. 


Lemma 4.3.4. If K is a field, then each nonzero f(x) ∈ K[x] is primitive.


Proof. Since K is a field, each nonzero element of K is a unit. Therefore, the only com- 
mon divisors of the coefficients of f(x) are units and, hence, f(x) € K [x] is primitive. 


Theorem 4.3.5. Let R be an integral domain. Then each irreducible f(x) € R[x] of degree 
> 0 is primitive. 


Proof. Let f(x) be an irreducible polynomial in R[x], and let r ∈ R be a common divisor
of the coefficients of f(x). Then f(x) = rg(x), where g(x) ∈ R[x].

Then deg f(x) = deg g(x) > 0, so g(x) ∉ R. Since the units of R[x] are the units of R,
it follows that g(x) is not a unit in R[x]. Since f(x) is irreducible, it follows that r must
be a unit in R[x] and, hence, r is a unit in R. Therefore, f(x) is primitive.


Theorem 4.3.6. Let R be an integral domain and K its field of fractions. If f(x) € R[x] is 
primitive and irreducible in K[x], then f (x) is irreducible in R[x]. 


Proof. Suppose that f(x) ∈ R[x] is primitive and irreducible in K[x], and suppose that
f(x) = g(x)h(x), where g(x), h(x) ∈ R[x] ⊆ K[x]. Since f(x) is irreducible in K[x], either
g(x) or h(x) must be a unit in K[x]. Without loss of generality, suppose that g(x) is a unit
in K[x]. Then g(x) = g ∈ K. But g(x) ∈ R[x], and K ∩ R[x] = R.

Hence, g ∈ R. Then g is a divisor of the coefficients of f(x), and as f(x) is primitive,
g must be a unit in R and, therefore, also a unit in R[x]. Therefore, f(x) is irreducible
in R[x].
4.4 Polynomial Rings over Unique Factorization Domains


In this section, we prove that if R is a UFD, then the polynomial ring R[x] is also a UFD. 
We first need the following due to Gauss: 


Theorem 4.4.1 (Gauss’ lemma). Let R be a UFD and f(x), g(x) primitive polynomials 
in R[x]. Then their product f (x)g(x) is also primitive. 


Proof. Let R be a UFD and f(x), g(x) primitive polynomials in R[x]. Suppose that f(x)g(x)
is not primitive. Then there is a prime element p € R that divides each of the coefficients 
of f(x)g(x). Then p|f(x)g(x). Since prime elements of R are also prime elements of R[x], 
it follows that p is also a prime element of R[x] and, hence, p|f(x), or p|g(x). Therefore, 
either f(x) or g(x) is not primitive, giving a contradiction. 


Theorem 4.4.2. Let R be a UFD and K its field of fractions. 

(a) If g(x) ∈ K[x] is nonzero, then there is a nonzero a ∈ K such that ag(x) ∈ R[x] is
primitive.

(b) Let f(x), g(x) ∈ R[x] with g(x) primitive and f(x) = ag(x) for some a ∈ K. Then a ∈ R.

(c) If f(x) ∈ R[x] is nonzero, then there is a b ∈ R and a primitive g(x) ∈ R[x] such that
f(x) = bg(x).


Proof. (a) Suppose that $g(x) = \sum_{i=0}^{n} a_i x^i$ with a_i = r_i/s_i, r_i, s_i ∈ R. Set s = s_0 s_1 ··· s_n. Then
sg(x) is a nonzero element of R[x]. Let d be a greatest common divisor of the coefficients
of sg(x). If we set a = s/d then ag(x) is primitive.

(b) For a ∈ K, there are coprime r, s ∈ R satisfying a = r/s. Suppose that a ∉ R. Then
there is a prime element p ∈ R dividing s. Since g(x) is primitive, p does not divide all the
coefficients of g(x). However, we also have f(x) = ag(x) = (r/s)g(x). Hence, sf(x) = rg(x),
where p | s and p does not divide r. Therefore, p divides all the coefficients of g(x), a
contradiction, and hence a ∈ R.

(c) From part (a), there is a nonzero a ∈ K such that af(x) is primitive in R[x]. Then
$f(x) = a^{-1}(af(x))$. From part (b), we must have $a^{-1} \in R$. Set g(x) = af(x) and $b = a^{-1}$.
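An added example, not the book's own code: the constructions in the proof of Theorem 4.4.2 for R = Z, K = Q (content, primitive part, clearing denominators), together with an exhaustive check of Gauss' lemma (Theorem 4.4.1) on small polynomials over Z. Function names are my own; polynomials are coefficient lists, lowest degree first.

```python
from fractions import Fraction
from functools import reduce
from itertools import product
from math import gcd

# Added example (not from the book): Theorem 4.4.2 and Gauss' lemma over Z.

def content(f):
    """gcd of the coefficients of f in Z[x]; f is primitive iff this is 1."""
    return reduce(gcd, (abs(c) for c in f), 0)

def is_primitive(f):
    return content(f) == 1

def make_primitive(g):
    """Theorem 4.4.2 (a): for nonzero g in Q[x] return (a, a*g) with a in Q
    and a*g primitive in Z[x], following the proof step by step."""
    g = [Fraction(c) for c in g]
    if all(c == 0 for c in g):
        raise ValueError("g must be nonzero")
    s = reduce(lambda x, y: x * y, (c.denominator for c in g), 1)  # s = s_0 s_1 ... s_n
    sg = [int(s * c) for c in g]                                     # s g(x) lies in Z[x]
    d = content(sg)                                                  # gcd of its coefficients
    a = Fraction(s, d)                                               # a = s / d
    return a, [c // d for c in sg]

def split_content(f):
    """Theorem 4.4.2 (c): nonzero f in Z[x] as b * g with b in Z and g primitive."""
    a, g = make_primitive(f)
    b = 1 / a
    assert b.denominator == 1      # part (b): the scalar lands in R = Z
    return int(b), g

def mul(f, g):
    """Product in Z[x]: coefficient n is the sum of f[i] g[j] over i + j = n."""
    out = [0] * (len(f) + len(g) - 1)
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            out[i + j] += fi * gj
    return out

def gauss_lemma_holds(bound, degree):
    """Theorem 4.4.1 checked for every pair of primitive polynomials of the
    given degree bound whose coefficients lie in [-bound, bound]."""
    coeffs = range(-bound, bound + 1)
    polys = [list(p) for p in product(coeffs, repeat=degree + 1) if any(p)]
    prims = [p for p in polys if is_primitive(p)]
    return all(is_primitive(mul(f, g)) for f in prims for g in prims)

if __name__ == "__main__":
    print(make_primitive([Fraction(1, 2), Fraction(2, 3)]))   # (6, [3, 4])
    print(split_content([6, 9, 12]))                          # (3, [2, 3, 4])
    print(gauss_lemma_holds(2, 1))                            # True
```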


Theorem 4.4.3. Let R be a UFD and K its field of fractions. Let f(x) ∈ R[x] be a polynomial
of degree ≥ 1.

(a) If f(x) is primitive and f(x) | g(x) in K[x], then f(x) divides g(x) also in R[x].

(b) If f(x) is irreducible in R[x], then it is also irreducible in K[x].

(c) If f(x) is primitive and a prime element of K[x], then f(x) is also a prime element
of R[x].


Proof. (a) Suppose that g(x) = f(x)h(x) with h(x) ∈ K[x]. From Theorem 4.4.2 part (a),
there is a nonzero a ∈ K such that h_1(x) = ah(x) is primitive in R[x]. Hence, g(x) =
(1/a)(f(x)h_1(x)). From Gauss' lemma f(x)h_1(x) is primitive in R[x]. Therefore, from
Theorem 4.4.2 part (b), we have 1/a ∈ R. It follows that f(x) | g(x) in R[x].

(b) Suppose that g(x) ∈ K[x] is a factor of f(x). From Theorem 4.4.2 part (a), there
is a nonzero a ∈ K with g_1(x) = ag(x) primitive in R[x]. Since a is a unit in K, it follows
that

g(x) | f(x) in K[x] implies g_1(x) | f(x) in K[x]

and, hence, since g_1(x) is primitive,

g_1(x) | f(x) in R[x].

However, by assumption, f(x) is irreducible in R[x]. This implies that either g_1(x) is a
unit in R, or g_1(x) is an associate of f(x).

If g_1(x) is a unit, then g_1 ∈ K, and g_1 = ga. Hence, g ∈ K; that is, g = g(x) is a unit.

If g_1(x) is an associate of f(x), then f(x) = bg(x), where b ∈ K since g_1(x) = ag(x)
with a ∈ K. Combining these, it follows that f(x) has only trivial factors in K[x], and
since, by assumption, f(x) is nonconstant, it follows that f(x) is irreducible in K[x].

(c) Suppose that f(x) | g(x)h(x) with g(x), h(x) ∈ R[x]. Since f(x) is a prime element
in K[x], we have that f(x) | g(x) or f(x) | h(x) in K[x]. From part (a), we have f(x) | g(x) or
f(x) | h(x) in R[x] implying that f(x) is a prime element in R[x].


We can now state and prove our main result. 
Theorem 4.4.4 (Gauss). Let R be a UFD. Then the polynomial ring R[x] is also a UFD. 


Proof. By induction, on degree, we show that each nonunit f(x) ∈ R[x], f(x) ≠ 0, is a
product of prime elements. Since R is an integral domain, so is R[x]. Therefore, the fact
that R[x] is a UFD then follows from Theorem 3.3.3.

If deg f(x) = 0, then f(x) = f is a nonunit in R. Since R is a UFD, f is a product of
prime elements in R. However, from Theorem 4.3.3, each prime factor is then also prime
in R[x]. Therefore, f(x) is a product of prime elements.

Now suppose n > 0 and that the claim is true for all polynomials f(x) of degree < n.
Let f(x) be a polynomial of degree n > 0. From Theorem 4.4.2 (c), there is an a ∈ R and a
primitive h(x) ∈ R[x] satisfying f(x) = ah(x). Since R is a UFD, the element a is a product
of prime elements in R, or a is a unit in R. Since the units in R[x] are the units in R, and a
prime element in R is also a prime element in R[x], it follows that a is a product of prime
elements in R[x], or a is a unit in R[x]. Let K be the field of fractions of R. Then K[x] is a
UFD. Hence, h(x) is a product of prime elements of K[x].

Let p(x) ∈ K[x] be a prime divisor of h(x). From Theorem 4.4.2, we can assume by
multiplication of field elements that p(x) ∈ R[x], and p(x) is primitive.

From Theorem 4.4.3 (c), it follows that p(x) is a prime element of R[x]. Furthermore,
from Theorem 4.4.3 (a), p(x) is a divisor of h(x) in R[x]. Therefore,

f(x) = ah(x) = ap(x)g(x) ∈ R[x],

where the following hold:

(1) a is a product of prime elements of R[x], or a is a unit in R[x],
(2) deg p(x) > 0, since p(x) is a prime element in K[x],
(3) p(x) is a prime element in R[x], and
(4) deg g(x) < deg f(x) since deg p(x) > 0.

By our inductive hypothesis, we have then that g(x) is a product of prime elements in
R[x], or g(x) is a unit in R[x]. Therefore, the claim holds for f(x), and therefore holds for
all f(x) by induction.


If R[x] is a polynomial ring over R, we can form a polynomial ring in a new indeterminate y over this ring to form (R[x])[y]. It is straightforward that (R[x])[y] is isomorphic to (R[y])[x]. We denote both of these rings by R[x, y] and consider this as the ring of polynomials in two commuting variables x, y with coefficients in R.

If R is a UFD, then from Theorem 4.4.4, R[x] is also a UFD. Hence, R[x, y] is also a UFD. Inductively then, the ring of polynomials in n commuting variables R[x_1, x_2, ..., x_n] is also a UFD.

Here, the ring R[x_1, ..., x_n] is inductively given by

$R[x_1, \dots, x_n] = (R[x_1, \dots, x_{n-1}])[x_n]$

if n ≥ 2.

Corollary 4.4.5. If R is a UFD, then the polynomial ring in n commuting variables R[x_1, ..., x_n] is also a UFD.


We now give a condition for a polynomial in R[x] to have a zero in K[x], where K is the field of fractions of R.

Theorem 4.4.6. Let R be a UFD and K its field of fractions. Let

$f(x) = x^n + a_{n-1}x^{n-1} + \cdots + a_1 x + a_0 \in R[x].$

Suppose that β ∈ K is a zero of f(x). Then β is in R and is a divisor of a_0.

Proof. Let β = r/s where s ≠ 0, r, s ∈ R, and r, s are coprime. Now

$f\!\left(\frac{r}{s}\right) = 0 = \frac{r^n}{s^n} + a_{n-1}\frac{r^{n-1}}{s^{n-1}} + \cdots + a_1\frac{r}{s} + a_0.$

Hence, it follows that s must divide r^n. Since r and s are coprime, s must be a unit, and then, without loss of generality, we may assume that s = 1. Then β = r ∈ R, and

$r\left(r^{n-1} + a_{n-1}r^{n-2} + \cdots + a_1\right) = -a_0,$

and so r | a_0.


Note that since Z is a UFD, Gauss’ theorem implies that Z[x] is also a UFD. However, Z[x] is not a principal ideal domain. For example, the set of integral polynomials with even constant term is an ideal, but not principal. We leave the verification to the exercises. On the other hand, we saw that if K is a field, K[x] is a PID. The question arises as to when R[x] actually is a principal ideal domain. It turns out to be precisely when R is a field.


Theorem 4.4.7. Let R be a commutative ring with an identity. Then the following are equivalent:

(a) R is a field.

(b) R[x] is Euclidean.

(c) R[x] is a principal ideal domain.

Proof. From Section 4.2, we know that (a) implies (b), which in turn implies (c). Therefore, we must show that (c) implies (a). Assume then that R[x] is a principal ideal domain. Define the map

$\tau : R[x] \to R$

by

$\tau(f(x)) = f(0).$

It is easy to see that τ is a ring homomorphism with R[x]/ker(τ) ≅ R. Therefore, ker(τ) ≠ R[x]. Since R[x] is a principal ideal domain, it is an integral domain. It follows that ker(τ) must be a prime ideal since the quotient ring is an integral domain. However, since R[x] is a principal ideal domain, prime ideals are maximal ideals; hence, ker(τ) is a maximal ideal by Theorem 3.2.7. Therefore, R ≅ R[x]/ker(τ) is a field.


We now consider the relationship between irreducibles in R[x] for a general integral domain and irreducibles in K[x], where K is its field of fractions. This is handled by the next result called Eisenstein’s criterion.

Theorem 4.4.8 (Eisenstein’s criterion). Let R be an integral domain and K its field of fractions. Let $f(x) = \sum_{i=0}^{n} a_i x^i \in R[x]$ be of degree n > 0. Let p be a prime element of R satisfying the following:

(1) p | a_i for i = 0, ..., n − 1.

(2) p does not divide a_n.

(3) p^2 does not divide a_0.

Then the following hold:
(a) If f(x) is primitive, then f(x) is irreducible in R[x].
(b) Suppose that R is a UFD. Then f(x) is also irreducible in K[x].


Proof. (a) Suppose that f(x) = g(x)h(x) with g(x), h(x) ∈ R[x]. Suppose that

$g(x) = \sum_{i=0}^{k} b_i x^i,\ b_k \neq 0 \quad \text{and} \quad h(x) = \sum_{j=0}^{l} c_j x^j,\ c_l \neq 0.$

Then a_0 = b_0 c_0. Now p | a_0, but p^2 does not divide a_0. This implies that either p does not divide b_0, or p does not divide c_0. Without loss of generality, assume that p | b_0 and p does not divide c_0.

Since a_n = b_k c_l, and p does not divide a_n, it follows that p does not divide b_k. Let b_j be the first coefficient of g(x) which is not divisible by p. Consider

$a_j = b_j c_0 + b_{j-1} c_1 + \cdots + b_0 c_j,$

where everything after the first term is divisible by p. Since p divides neither b_j nor c_0, it follows that p does not divide b_j c_0. Therefore, p does not divide a_j, which implies that j = n. Then from j ≤ k ≤ n, it follows that k = n.

Therefore, deg g(x) = deg f(x) and, hence, deg h(x) = 0. Thus, h(x) = h ∈ R. Then from f(x) = hg(x) with f primitive, it follows that h is a unit and, therefore, f(x) is irreducible.

(b) Suppose that f(x) = g(x)h(x) with g(x), h(x) ∈ R[x]. The fact that f(x) was primitive was only used in the final part of part (a). Therefore, by the same arguments as in part (a), we may assume, without loss of generality, that h ∈ R ⊂ K. Therefore, f(x) is irreducible in K[x].


Following are some examples:

Example 4.4.9. Let R = Z and p a prime number. Suppose that n, m are integers such that n > 1 and p does not divide m. Then x^n + pm is irreducible in Z[x] and Q[x]. In particular, (pm)^{1/n} is irrational.

Example 4.4.10. Let R = Z and p a prime number. Consider the polynomial

$\Phi_p(x) = \frac{x^p - 1}{x - 1} = x^{p-1} + x^{p-2} + \cdots + x + 1.$

Since all the coefficients of Φ_p(x) are equal to 1, Eisenstein’s criterion is not directly applicable. However, the fact that Φ_p(x) is irreducible implies that for any integer a, the polynomial Φ_p(x + a) is also irreducible in Z[x]. It follows that

$\Phi_p(x+1) = \frac{(x+1)^p - 1}{(x+1) - 1} = \frac{x^p + \binom{p}{1}x^{p-1} + \cdots + \binom{p}{p-1}x}{x} = x^{p-1} + \binom{p}{1}x^{p-2} + \cdots + \binom{p}{p-1}.$

Now $p \mid \binom{p}{i}$ for 1 ≤ i ≤ p − 1 (see exercises) and, moreover, $\binom{p}{p-1} = p$ is not divisible by p^2. Therefore, we can apply the Eisenstein criterion to conclude that Φ_p(x) is irreducible in Z[x] and Q[x].
Theorem 4.4.11. Let R be a UFD and K its field of fractions. Let $f(x) = \sum_{i=0}^{n} a_i x^i \in R[x]$ be a polynomial of degree ≥ 1. Let P be a prime ideal in R with a_n ∉ P. Let R̄ = R/P, and let α : R[x] → R̄[x] be defined by

$\alpha\!\left(\sum_{i=0}^{n} r_i x^i\right) = \sum_{i=0}^{n} (r_i + P)\,x^i;$

α is an epimorphism. Then if α(f(x)) is irreducible in R̄[x], then f(x) is irreducible in K[x].

Proof. By Theorem 4.4.3, there exists an a ∈ R and a primitive g(x) ∈ R[x] satisfying f(x) = ag(x). Since a_n ∉ P, we have that α(a) ≠ 0. Furthermore, the highest coefficient of g(x) is also not an element of P. If α(g(x)) is reducible, then α(f(x)) is also reducible. Thus, α(g(x)) is irreducible. However, from Theorem 4.4.4, g(x) is irreducible in K[x]. Therefore, f(x) = ag(x) is also irreducible in K[x]. Therefore, to prove the theorem, it suffices to consider the case where f(x) is primitive in R[x].

Now suppose that f(x) is primitive. We show that f(x) is irreducible in R[x].

Suppose that f(x) = g(x)h(x), g(x), h(x) ∈ R[x] with h(x), g(x) nonunits in R[x]. Since f(x) is primitive, g, h ∉ R. Therefore, deg g(x) < deg f(x), and deg h(x) < deg f(x).

Now we have α(f(x)) = α(g(x))α(h(x)). Since P is a prime ideal, R/P is an integral domain. Therefore, in R̄[x] we have

$\deg \alpha(g(x)) + \deg \alpha(h(x)) = \deg \alpha(f(x)) = \deg f(x)$

since a_n ∉ P. Since R is a UFD, it has no zero divisors. Therefore,

$\deg f(x) = \deg g(x) + \deg h(x).$

Now

$\deg \alpha(g(x)) \le \deg g(x),$
$\deg \alpha(h(x)) \le \deg h(x).$

Therefore, deg α(g(x)) = deg g(x), and deg α(h(x)) = deg h(x). Therefore, α(f(x)) is reducible, and we have a contradiction.


It is important to note that α(f(x)), being reducible, does not imply that f(x) is reducible. For example, f(x) = x^2 + 1 is irreducible in Z[x]. However, in Z_2[x], we have

$x^2 + 1 = (x + 1)^2$

and, hence, f(x) is reducible in Z_2[x].

Example 4.4.12. Let f(x) = x^5 − x^2 + 1 ∈ Z[x]. Choose P = 2Z so that

$\alpha(f(x)) = x^5 + x^2 + 1 \in \mathbb{Z}_2[x].$

Suppose that in Z_2[x], we have α(f(x)) = g(x)h(x). Without loss of generality, we may assume that g(x) is of degree 1 or 2.

If deg g(x) = 1, then α(f(x)) has a zero c in Z_2. The two possibilities for c are c = 0, or c = 1. Then the following hold:

If c = 0, then 0 + 0 + 1 = 1 ≠ 0.
If c = 1, then 1 + 1 + 1 = 1 ≠ 0.

Hence, the degree of g(x) cannot be 1.

Suppose deg g(x) = 2. The polynomials of degree 2 over Z_2 have the form

$x^2 + x + 1,\quad x^2 + x,\quad x^2 + 1,\quad x^2.$

The last three, x^2 + x, x^2 + 1, x^2, all have zeros in Z_2. Therefore, they cannot divide α(f(x)). Therefore, g(x) must be x^2 + x + 1. Applying the division algorithm, we obtain

$\alpha(f(x)) = (x^3 + x^2)(x^2 + x + 1) + 1$

and, therefore, x^2 + x + 1 does not divide α(f(x)). It follows that α(f(x)) is irreducible, and from the previous theorem, f(x) must be irreducible in Q[x].


4.5 Exercises

1. For which a, b ∈ Z does the polynomial x^2 + 3x + 1 divide the polynomial xo 4x7 4 ax +b?

2. Let a + bi ∈ C be a zero of f(x) ∈ R[x]. Show that also a − ib is a zero of f(x).

3. Determine all quadratic irreducible polynomials over R.

4. Let R be an integral domain, I ⊂ R an ideal, and f ∈ R[x] a monic polynomial. Define (R/I)[x] by the mapping R[x] → (R/I)[x], $f = \sum a_i x^i \mapsto \bar{f} = \sum \bar{a}_i x^i$, where $\bar{a} := a + I$. Show, if $\bar{f} \in (R/I)[x]$ is irreducible, then f ∈ R[x] is also irreducible.

5. Decide if the following polynomials f ∈ R[x] are irreducible:

(i) f(x) = x +2x74+3, R = Z.

(ii) f(x) = x^5 − 2x + 1, R = Q.

(iii) f(x) = 3x* + 7x +14x+7, R = Q.

(iv) f(x) = x7 + B- Dx? + (3+ 40x +4 4 2i, R = Z[i].

(v) f(x) = x^4 + 3x^3 + 2x^2 + 3x + 4, R = Q.

(vi) f(x) = 8x^3 − 4x^2 + 2x − 1, R = Z.

6. Let R be an integral domain with characteristic 0, let k ≥ 1 and a ∈ R. In R[x], define the derivatives f^{(k)}(x), k = 0, 1, 2, ..., of a polynomial f(x) ∈ R[x] by

$f^{(0)}(x) = f(x),$
$f^{(k)}(x) = \left(f^{(k-1)}(x)\right)' \quad \text{for } k \ge 1.$

Show that a is a zero of order k of the polynomial f(x) ∈ R[x], if $f^{(i)}(a) = 0$ for $0 \le i < k$, but $f^{(k)}(a) \ne 0$.

7. Prove that the set of integral polynomials with even constant term is an ideal, but not principal.

8. Prove that $p \mid \binom{p}{i}$ for 1 ≤ i ≤ p − 1.


5 Field Extensions

5.1 Extension Fields and Finite Extensions

Much of algebra in general arose from the theory of equations, specifically polynomial equations. As discovered by Galois and Abel, the solutions of polynomial equations over fields are intimately tied to the theory of field extensions. This theory eventually blossoms into Galois Theory. In this chapter, we discuss the basic material concerning field extensions.

Recall that if L is a field and K ⊂ L is also a field under the same operations as L, then K is called a subfield of L. If we view this situation from the viewpoint of K, we say that L is an extension field or field extension of K. If K, L are fields with K ⊂ L, we always assume that K is a subfield of L.

Definition 5.1.1. If K, L are fields with K ⊂ L, then we say that L is a field extension or extension field of K. We denote this by L|K.

Note that this is equivalent to having a field monomorphism

$i : K \to L$

and then identifying K and i(K).

As examples, we have that R is an extension field of Q, and C is an extension field of both R and Q. If K is any field, then the ring of polynomials K[x] over K is an integral domain. Let K(x) be the field of fractions of K[x]. This is called the field of rational functions over K. Since K can be considered as part of K[x], it follows that K ⊂ K(x) and, hence, K(x) is an extension field of K.

A crucial concept is that of the degree of a field extension. Recall that a vector space V over a field K consists of an Abelian group V together with scalar multiplication from K satisfying the following:

(1) fu ∈ V if f ∈ K, u ∈ V.

(2) f(u + v) = fu + fv for f ∈ K, u, v ∈ V.

(3) (f + g)v = fv + gv for f, g ∈ K, v ∈ V.

(4) (fg)v = f(gv) for f, g ∈ K, v ∈ V.

(5) 1v = v for v ∈ V.

Notice that if K is a subfield of L, then products of elements of L with elements of K are still in L. Since L is an Abelian group under addition, L can be considered as a vector space over K. Thus, any extension field is a vector space over any of its subfields. Using this, we define the degree |L : K| of an extension K ⊂ L as the dimension dim_K(L) of L as a vector space over K. We call L a finite extension of K if |L : K| < ∞.

Definition 5.1.2. If L is an extension field of K, then the degree of the extension L|K is defined as the dimension, dim_K(L), of L, as a vector space over K. We denote the degree by |L : K|. The field extension L|K is a finite extension if the degree |L : K| is finite.


Lemma 5.1.3. |C : R| = 2, but |R : Q| = ∞.

Proof. Every complex number can be written uniquely as a + ib, where a, b ∈ R. Hence, the elements 1, i constitute a basis for C over R and, therefore, the dimension is 2. That is, |C : R| = 2.

The fact that |R : Q| = ∞ depends on the existence of transcendental numbers. An element r ∈ R is algebraic (over Q) if it satisfies some nonzero polynomial with coefficients from Q. That is, P(r) = 0, where

$0 \ne P(x) = a_0 + a_1 x + \cdots + a_n x^n \quad \text{with } a_i \in \mathbb{Q}.$

Any q ∈ Q is algebraic since if P(x) = x − q, then P(q) = 0. However, many irrationals are also algebraic. For example, √2 is algebraic since x^2 − 2 = 0 has √2 as a zero. An element r ∈ R is transcendental if it is not algebraic.

In general, it is very difficult to show that a particular element is transcendental. However, there are uncountably many transcendental elements (see exercises). Specific examples are e and π. We will give a proof of their transcendence in Chapter 20.

Since e is transcendental, for any natural number n, the set {1, e, e^2, ..., e^n} must be independent over Q, for otherwise there would be a polynomial that e would satisfy. Therefore, we have infinitely many independent vectors in R over Q, which would be impossible if R had finite degree over Q.


Lemma 5.1.4. If K is any field, then |K(x) : K| = ∞.

Proof. For any n, the elements 1, x, x^2, ..., x^n are independent over K. Therefore, as in the proof of Lemma 5.1.3, K(x) must be infinite-dimensional over K.

If L|K and L_1|K_1 are field extensions, then they are isomorphic field extensions if there exists a field isomorphism f : L → L_1 such that the restriction of f to K is an isomorphism from K to K_1.

Suppose that K ⊂ L ⊂ M are fields. Below we show that the degrees multiply. In this situation, where K ⊂ L ⊂ M, we call L an intermediate field.

Theorem 5.1.5. Let K, L, M be fields with K ⊂ L ⊂ M. Then

$|M : K| = |M : L|\,|L : K|.$

Note that |M : K| = ∞ if and only if either |M : L| = ∞, or |L : K| = ∞.


Proof. Let {x_i : i ∈ I} be a basis for L as a vector space over K, and let {y_j : j ∈ J} be a basis for M as a vector space over L. To prove the result, it is sufficient to show that the set

$B = \{ x_i y_j : i \in I,\ j \in J \}$

is a basis for M as a vector space over K. To show this, we must show that B is a linearly independent set over K, and that B spans M.

Suppose that

$\sum_{i,j} k_{ij}\, x_i y_j = 0 \quad \text{where } k_{ij} \in K.$

We can then write this sum as

$\sum_{j} \Big( \sum_{i} k_{ij}\, x_i \Big) y_j = 0.$

But $\sum_i k_{ij} x_i \in L$. Since {y_j : j ∈ J} is a basis for M over L, the y_j are independent over L; hence, for each j, we get $\sum_i k_{ij} x_i = 0$. Now since {x_i : i ∈ I} is a basis for L over K, it follows that the x_i are linearly independent, and since for each j we have $\sum_i k_{ij} x_i = 0$, it must be that k_{ij} = 0 for all i and for all j. Therefore, the set B is linearly independent over K.

Now suppose that m ∈ M. Then since {y_j : j ∈ J} spans M over L, we have

$m = \sum_{j} c_j y_j \quad \text{with } c_j \in L.$

However, {x_i : i ∈ I} spans L over K, and so for each c_j, we have

$c_j = \sum_{i} k_{ij}\, x_i \quad \text{with } k_{ij} \in K.$

Combining these two sums, we have

$m = \sum_{i,j} k_{ij}\, x_i y_j$

and, hence, B spans M over K. Therefore, B is a basis for M over K, and the result is proved.

Corollary 5.1.6. (a) If |L : K| is a prime number, then there exists no proper intermediate field between L and K.
(b) If K ⊂ L and |L : K| = 1, then L = K.


Let L|K be a field extension, and suppose that A ⊂ L. Then certainly there are subrings of L containing both A and K, for example L. We denote by K[A] the intersection of all subrings of L containing both K and A. Since the intersection of subrings is a subring, it follows that K[A] is a subring containing both K and A and the smallest such subring. We call K[A] the ring adjunction of A to K.

In an analogous manner, we let K(A) be the intersection of all subfields of L containing both K and A. This is then a subfield of L, and the smallest subfield of L containing both K and A. The subfield K(A) is called the field adjunction of A to K.

Clearly, K[A] ⊂ K(A). If A = {a_1, ..., a_n}, then we write

$K[A] = K[a_1, \dots, a_n] \quad \text{and} \quad K(A) = K(a_1, \dots, a_n).$

Definition 5.1.7. The field extension L|K is finitely generated if there exist elements a_1, ..., a_n ∈ L such that L = K(a_1, ..., a_n). The extension L|K is a simple extension if there is an a ∈ L with L = K(a). In this case, a is called a primitive element of L|K.

In Chapter 7, we will look at an alternative way to view the adjunction constructions in terms of polynomials.


5.2 Finite and Algebraic Extensions 


We now turn to the relationship between field extensions and the solution of polynomial 
equations. 


Definition 5.2.1. Let L|K be a field extension. An element a ∈ L is algebraic over K if there exists a polynomial p(x) ∈ K[x] with p(a) = 0. L is an algebraic extension of K if each element of L is algebraic over K. An element a ∈ L that is not algebraic over K is called transcendental. L is a transcendental extension if there are transcendental elements; that is, elements that are not algebraic over K.

For the remainder of this section, we assume that L|K is a field extension.

Lemma 5.2.2. Each element of K is algebraic over K.

Proof. Let k ∈ K. Then k is a zero of the polynomial p(x) = x − k ∈ K[x].

We now tie algebraic extensions to finite extensions.

Theorem 5.2.3. If L|K is a finite extension, then L|K is an algebraic extension.

Proof. Suppose that L|K is a finite extension and a ∈ L. We must show that a is algebraic over K. Suppose that |L : K| = n < ∞; then dim_K(L) = n. It follows that any n + 1 elements of L are linearly dependent over K.

Now consider the elements 1, a, a^2, ..., a^n in L. These are n + 1 distinct elements in L, so they are dependent over K. Hence, there exist c_0, ..., c_n ∈ K not all zero such that

$c_0 + c_1 a + \cdots + c_n a^n = 0.$

Let p(x) = c_0 + c_1 x + ... + c_n x^n. Then p(x) ∈ K[x], and p(a) = 0. Therefore, a is algebraic over K. Since a was arbitrary, it follows that L is an algebraic extension of K.

From the previous theorem, it follows that every finite extension is algebraic. The converse is not true; that is, there are algebraic extensions that are not finite. We will give examples in Section 5.4.
The following lemma gives some examples of algebraic and transcendental extensions.

Lemma 5.2.4. C|R is algebraic, but R|Q and C|Q are transcendental. If K is any field, then K(x)|K is transcendental.

Proof. Since 1, i constitute a basis for C over R, we have |C : R| = 2. Hence, C is a finite extension of R; therefore, from Theorem 5.2.3, an algebraic extension. More directly, if α = a + ib ∈ C, then α is a zero of x^2 − 2ax + (a^2 + b^2) ∈ R[x].

The existence of transcendental numbers (we will discuss these more fully in Section 5.5) shows that both R|Q and C|Q are transcendental extensions.

Finally, the element x ∈ K(x) is not a zero of any polynomial in K[x]. Therefore, x is a transcendental element, so the extension K(x)|K is transcendental.
If L|K is a field extension and a ∈ L is algebraic over K, then p(a) = 0 for some polynomial p(x) ∈ K[x]. In this section, we consider the smallest such polynomial and tie it to a simple extension of K.

Definition 5.3.1. Suppose that L|K is a field extension and a ∈ L is algebraic over K. The polynomial m_a(x) ∈ K[x] is the minimal polynomial of a over K if the following hold:

(1) m_a(x) has leading coefficient 1; that is, it is a monic polynomial.

(2) m_a(a) = 0.

(3) If f(x) ∈ K[x] with f(a) = 0, then m_a(x) | f(x).

Hence, m_a(x) is the monic polynomial of minimal degree that has a as a zero.

We prove next that every algebraic element has such a minimal polynomial.

Theorem 5.3.2. Suppose that L|K is a field extension and a ∈ L is algebraic over K. Then we have:

(1) The minimal polynomial m_a(x) ∈ K[x] exists and is irreducible over K.

(2) K[a] = K(a) ≅ K[x]/(m_a(x)), where (m_a(x)) is the principal ideal in K[x] generated by m_a(x).

(3) |K(a) : K| = deg(m_a(x)). Therefore, K(a)|K is a finite extension.

Proof. (1) Suppose that a ∈ L is algebraic over K. Let

$I = \{ f(x) \in K[x] : f(a) = 0 \}.$

Since a is algebraic, I ≠ ∅. It is straightforward to show (see exercises) that I is an ideal in K[x]. Since K is a field, we have that K[x] is a principal ideal domain.
Hence, there exists g(x) ∈ K[x] with I = (g(x)). Let b be the leading coefficient of g(x). Then m_a(x) = b^{−1}g(x) is a monic polynomial. We claim that m_a(x) is the minimal polynomial of a and that m_a(x) is irreducible. First, it is clear that I = (g(x)) = (m_a(x)). If f(x) ∈ K[x] with f(a) = 0, then f(x) = h(x)m_a(x) for some h(x). Therefore, m_a(x) divides any polynomial that has a as a zero. It follows that m_a(x) is the minimal polynomial.

Suppose that m_a(x) = g_1(x)g_2(x). Then since m_a(a) = 0, it follows that either g_1(a) = 0 or g_2(a) = 0. Suppose g_1(a) = 0. Then from above, m_a(x) | g_1(x), and since g_1(x) | m_a(x), we must then have that g_2(x) is a unit. Therefore, m_a(x) is irreducible.

(2) Consider the map τ : K[x] → K[a] given by

$\tau\!\left(\sum_i k_i x^i\right) = \sum_i k_i a^i.$

Then τ is a ring epimorphism (see exercises), and

$\ker(\tau) = \{ f(x) \in K[x] : f(a) = 0 \} = (m_a(x))$

from the argument in the proof of part (1). It follows that

$K[x]/(m_a(x)) \cong K[a].$

Since m_a(x) is irreducible, we have K[x]/(m_a(x)) is a field and, therefore, K[a] = K(a).

(3) Let n = deg(m_a(x)). We claim that the elements 1, a, ..., a^{n−1} are a basis for K[a] = K(a) over K. First suppose that

$\sum_{i=0}^{n-1} c_i a^i = 0$

with not all c_i = 0 and c_i ∈ K. Then h(a) = 0, where $h(x) = \sum_{i=0}^{n-1} c_i x^i$. But this contradicts the fact that m_a(x) has minimal degree over all polynomials in K[x] that have a as a zero. Therefore, the set 1, a, ..., a^{n−1} is linearly independent over K.

Now let b ∈ K[a] ≅ K[x]/(m_a(x)). Then there is a g(x) ∈ K[x] with b = g(a). By the division algorithm

$g(x) = h(x)m_a(x) + r(x),$

where r(x) = 0 or deg(r(x)) < deg(m_a(x)). Now

$r(a) = g(a) - h(a)m_a(a) = g(a) = b.$

If r(x) = 0, then b = 0. If r(x) ≠ 0, then since deg(r(x)) < n, we have

$r(x) = c_0 + c_1 x + \cdots + c_{n-1} x^{n-1}$

with c_i ∈ K, where some c_i, but not all, might be zero. This implies that

$b = r(a) = c_0 + c_1 a + \cdots + c_{n-1} a^{n-1}$

and, hence, b is a linear combination over K of 1, a, ..., a^{n−1}. Hence, 1, a, ..., a^{n−1} spans K[a] over K and, hence, forms a basis.


Theorem 5.3.3. Suppose that L|K is a field extension and a ∈ L is algebraic over K. Suppose that f(x) ∈ K[x] is a monic polynomial with f(a) = 0. Then f(x) is the minimal polynomial if and only if f(x) is irreducible in K[x].

Proof. Suppose that f(x) is the minimal polynomial of a. Then f(x) is irreducible from the previous theorem.

Conversely, suppose that f(x) is monic, irreducible and f(a) = 0. From the previous theorem m_a(x) | f(x). Since f(x) is irreducible, we have f(x) = c m_a(x) with c ∈ K. However, since both f(x) and m_a(x) are monic, we must have c = 1, and f(x) = m_a(x).

We now show that a finite extension of K is actually finitely generated over K. In addition, it is generated by finitely many algebraic elements.

Theorem 5.3.4. Let L|K be a field extension. Then the following are equivalent:

(1) L|K is a finite extension.

(2) L|K is an algebraic extension and there exist a_1, ..., a_n ∈ L with L = K(a_1, ..., a_n).

(3) There exist algebraic elements a_1, ..., a_n ∈ L such that L = K(a_1, ..., a_n).

Proof. (1) ⇒ (2). We have seen in Theorem 5.2.3 that a finite extension is algebraic. Suppose that a_1, ..., a_n are a basis for L over K. Then clearly L = K(a_1, ..., a_n).

(2) ⇒ (3). If L|K is an algebraic extension and L = K(a_1, ..., a_n), then each a_i is algebraic over K.

(3) ⇒ (1). Suppose that there exist algebraic elements a_1, ..., a_n ∈ L such that L = K(a_1, ..., a_n). We show that L|K is a finite extension. We do this by induction on n. If n = 1, then L = K(a) for some algebraic element a, and the result follows from Theorem 5.3.2. Suppose now that n ≥ 2. We assume then that an extension K(a_1, ..., a_{n−1}) with a_1, ..., a_{n−1} algebraic elements is a finite extension. Now suppose that we have L = K(a_1, ..., a_n) with a_1, ..., a_n algebraic elements.

Then

$|K(a_1, \dots, a_n) : K| = |K(a_1, \dots, a_{n-1})(a_n) : K(a_1, \dots, a_{n-1})|\;|K(a_1, \dots, a_{n-1}) : K|.$

The second term |K(a_1, ..., a_{n−1}) : K| is finite from the inductive hypothesis. The first term |K(a_1, ..., a_{n−1})(a_n) : K(a_1, ..., a_{n−1})| is also finite from Theorem 5.3.2 since it is a simple extension of the field K(a_1, ..., a_{n−1}) by the algebraic element a_n. Therefore, |K(a_1, ..., a_n) : K| is finite.
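As an added worked illustration (not one of the book's own numbered examples), here is the degree formula of Theorem 5.1.5 applied, together with Theorem 5.3.2 and Theorem 5.3.3, to an extension generated by two algebraic elements; the minimal polynomial of √3 over Q(√2), which the theorem above needs for its second factor, is computed in full.

Let K = Q and L = Q(√2, √3) = Q(√2)(√3). By Eisenstein’s criterion with p = 2 (Example 4.4.9 with n = 2, m = 1), x^2 − 2 is irreducible over Q, so by Theorem 5.3.3 it is m_{√2}(x), and Theorem 5.3.2 (3) gives

$|\mathbb{Q}(\sqrt{2}) : \mathbb{Q}| = \deg(x^2 - 2) = 2,$

with basis 1, √2. Next, √3 is a zero of x^2 − 3 ∈ Q(√2)[x]. If this quadratic were reducible over Q(√2), it would have a zero in Q(√2), so √3 = u + v√2 with u, v ∈ Q. Squaring,

$3 = u^2 + 2v^2 + 2uv\sqrt{2}.$

Since 1, √2 are independent over Q, this forces uv = 0 and u^2 + 2v^2 = 3. If v = 0, then u^2 = 3, impossible for u ∈ Q because x^2 − 3 is irreducible over Q (Eisenstein, p = 3); if u = 0, then (2v)^2 = 6, impossible because x^2 − 6 is irreducible over Q (Eisenstein, p = 2). Hence x^2 − 3 is irreducible over Q(√2), it is the minimal polynomial of √3 over Q(√2), and

$|\mathbb{Q}(\sqrt{2},\sqrt{3}) : \mathbb{Q}(\sqrt{2})| = 2$

with basis 1, √3. Theorem 5.1.5 now gives

$|\mathbb{Q}(\sqrt{2},\sqrt{3}) : \mathbb{Q}| = |\mathbb{Q}(\sqrt{2},\sqrt{3}) : \mathbb{Q}(\sqrt{2})|\;|\mathbb{Q}(\sqrt{2}) : \mathbb{Q}| = 2 \cdot 2 = 4,$

and the proof of Theorem 5.1.5 exhibits the basis {x_i y_j} = {1, √2, √3, √6} of Q(√2, √3) over Q. Since 4 is not prime, Corollary 5.1.6 (a) does not rule out intermediate fields, and indeed Q(√2), Q(√3) and Q(√6) are three distinct proper intermediate fields, each of degree 2 over Q by the same Eisenstein argument.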
Theorem 5.3.5. Suppose that K is a field and R is an integral domain with K ⊂ R. Then R can be viewed as a vector space over K. If dim_K(R) < ∞, then R is a field.

Proof. Let r_0 ∈ R with r_0 ≠ 0. Define the map from R to R given by

$\tau(r) = r r_0.$

It is easy to show (see exercises) that this is a linear transformation from R to R, considered as a vector space over K.

Suppose that τ(r) = 0. Then r r_0 = 0 and, hence, r = 0 since r_0 ≠ 0 and R is an integral domain. It follows that τ is an injective map. Since R is a finite-dimensional vector space over K, and τ is an injective linear transformation, it follows that τ must also be surjective. This implies that there exists an r_1 with τ(r_1) = 1. Then r_1 r_0 = 1 and, hence, r_0 has an inverse within R. Since r_0 was an arbitrary nonzero element of R, it follows that R is a field.

Theorem 5.3.6. Suppose that K ⊂ L ⊂ M is a chain of field extensions. Then M|K is algebraic if and only if M|L is algebraic, and L|K is algebraic.

Proof. If M|K is algebraic, then certainly M|L and L|K are algebraic.

Now suppose that M|L and L|K are algebraic. We show that M|K is algebraic. Let a ∈ M. Then since a is algebraic over L, there exist b_0, b_1, ..., b_n ∈ L with

$b_0 + b_1 a + \cdots + b_n a^n = 0.$

Each b_i is algebraic over K and, hence, K(b_0, ..., b_n) is finite-dimensional over K. Therefore, K(b_0, ..., b_n)(a) = K(b_0, ..., b_n, a) is also finite-dimensional over K. Therefore, K(b_0, ..., b_n, a) is a finite extension of K and, hence, an algebraic extension of K. Since a ∈ K(b_0, ..., b_n, a), it follows that a is algebraic over K and, therefore, M is algebraic over K.


5.4 Algebraic Closures 


As before, suppose that L|K is a field extension. Since each element of K is algebraic over K, there are certainly algebraic elements over K within L. Let A_K denote the set of all elements of L that are algebraic over K. We prove that A_K is actually a subfield of L. It is called the algebraic closure of K within L.

Theorem 5.4.1. Suppose that L|K is a field extension, and let A_K denote the set of all elements of L that are algebraic over K. Then A_K is a subfield of L. A_K is called the algebraic closure of K in L.

Proof. Since K ⊂ A_K, we have that A_K ≠ ∅. Let a, b ∈ A_K. Since a, b are both algebraic over K, from Theorem 5.3.4 we have that K(a, b) is a finite extension of K. Therefore, K(a, b) is an algebraic extension of K and, hence, each element of K(a, b) is algebraic over K. Now a, b ∈ K(a, b), and K(a, b) is a field. Therefore, a + b, ab, and a/b (if b ≠ 0) are all in K(a, b) and, hence, all algebraic over K. Therefore, a + b, ab, and a/b (if b ≠ 0) are all in A_K. It follows that A_K is a subfield of L.

In Section 5.2, we showed that every finite extension is an algebraic extension. We mentioned that the converse is not necessarily true; that is, there are algebraic extensions that are not finite. Here we give an example.

Theorem 5.4.2. Let A be the algebraic closure of the rational numbers Q within the complex numbers C. Then A is an algebraic extension of Q, but |A : Q| = ∞.

Proof. From the previous theorem, A is an algebraic extension of Q. We show that it cannot be a finite extension.

By Eisenstein’s criterion, the rational polynomial f(x) = x^p + p is irreducible over Q for any prime p. Let a be a zero in C of f(x). Then a ∈ A, and |Q(a) : Q| = p. Therefore, |A : Q| ≥ p for all primes p. Since there are infinitely many primes, this implies that |A : Q| = ∞.


5.5 Algebraic and Transcendental Numbers 


In this section, we consider the string of field extensions Q ⊂ R ⊂ C.

Definition 5.5.1. An algebraic number a is an element of C which is algebraic over Q. Hence, an algebraic number is an a ∈ C such that f(a) = 0 for some f(x) ∈ Q[x]. If a ∈ C is not algebraic, it is transcendental.

We will let A denote the totality of algebraic numbers within the complex numbers C, and T the set of transcendentals so that C = A ∪ T. In the language of the last subsection, A is the algebraic closure of Q within C. As in the general case, if a ∈ C is algebraic, we will let m_a(x) denote the minimal polynomial of a over Q.

We now examine the sets A and T more closely. Since A is precisely the algebraic closure of Q in C, we have from our general result that A actually forms a subfield of C. Furthermore, since the intersection of subfields is again a subfield, it follows that A' = A ∩ R, the real algebraic numbers, forms a subfield of the reals.

Theorem 5.5.2. The set A of algebraic numbers forms a subfield of C. The subset A' = A ∩ R of real algebraic numbers forms a subfield of R.

Since each rational is algebraic, it is clear that there are algebraic numbers. Furthermore, there are irrational algebraic numbers, √2 for example, since it satisfies the irreducible polynomial x^2 − 2 = 0 over Q. On the other hand, we have not examined the question of whether transcendental numbers really exist. To show that any particular complex number is transcendental is, in general, quite difficult. However, it is relatively easy to show that there are uncountably infinitely many transcendentals.
Theorem 5.5.3. The set A of algebraic numbers is countably infinite. Therefore, T, the set of transcendental numbers, and T' = T ∩ R, the real transcendental numbers, are uncountably infinite.

Proof. Let

$P_n = \{ f(x) \in \mathbb{Q}[x] : \deg(f(x)) \le n \}.$

Since if f(x) ∈ P_n, f(x) = q_0 + q_1 x + ... + q_n x^n with q_i ∈ Q, we can identify a polynomial of degree ≤ n with an (n + 1)-tuple (q_0, q_1, ..., q_n) of rational numbers. Therefore, the set P_n has the same size as the (n + 1)-fold Cartesian product of Q:

$\mathbb{Q}^{n+1} = \mathbb{Q} \times \mathbb{Q} \times \cdots \times \mathbb{Q}.$

Since a finite Cartesian product of countable sets is still countable, it follows that P_n is a countable set.

Now let

$B_n = \bigcup_{p(x) \in P_n} \{\text{zeros of } p(x)\};$

that is, B_n is the union of all zeros in C of all rational polynomials of degree ≤ n. Since each such p(x) has a maximum of n zeros, and since P_n is countable, it follows that B_n is a countable union of finite sets and, hence, is still countable. Now

so A is a countable union of countable sets and is, therefore, countable.

Since both R and C are uncountably infinite, the second assertions follow directly from the countability of A. If say T were countable, then C = A ∪ T would also be countable, which is a contradiction.


From Theorem 5.5.3, we know that there exist infinitely many transcendental num- 
bers. Liouville, in 1851, gave the first proof of the existence of transcendentals by exhibit- 
ing a few. He gave the following as one example: 


Theorem 5.5.4. The real number
\[
c = \sum_{k=1}^{\infty} \frac{1}{10^{k!}}
\]
is transcendental.

Proof. First of all, since $\frac{1}{10^{k!}} \le \frac{1}{10^{k}}$ and $\sum_{k=1}^{\infty} \frac{1}{10^{k}}$ is a convergent geometric series, it follows from the comparison test that the infinite series defining $c$ converges and defines a real number. Furthermore, since $\sum_{k=1}^{\infty} \frac{1}{10^{k}} = \frac{1}{9}$, it follows that $c < \frac{1}{9} < 1$. Suppose that $c$ is algebraic, so that $g(c) = 0$ for some nonzero rational polynomial $g(x)$. Multiplying through by the least common multiple of all the denominators in $g(x)$, we may suppose that $f(c) = 0$ for some integral polynomial $f(x) = \sum_{j=0}^{n} m_j x^j$. Then $c$ satisfies
\[
m_0 + m_1 c + \cdots + m_n c^n = 0
\]
for some integers $m_0, \ldots, m_n$.

If $0 < x < 1$, then by the triangle inequality
\[
|f'(x)| = \Bigl| \sum_{j=1}^{n} j m_j x^{j-1} \Bigr| \le \sum_{j=1}^{n} |j m_j| = B,
\]
where $B$ is a real constant depending only on the coefficients of $f(x)$.

Now let
\[
c_k = \sum_{j=1}^{k} \frac{1}{10^{j!}}
\]
be the $k$-th partial sum for $c$. Then
\[
|c - c_k| = \sum_{j=k+1}^{\infty} \frac{1}{10^{j!}} < \frac{2}{10^{(k+1)!}}.
\]
Apply the mean value theorem to $f(x)$ at $c$ and $c_k$ to obtain
\[
|f(c) - f(c_k)| = |c - c_k|\,|f'(\xi)|
\]
for some $\xi$ with $c_k < \xi < c < 1$. Now since $0 < \xi < 1$, we have
\[
|c - c_k|\,|f'(\xi)| < \frac{2B}{10^{(k+1)!}}.
\]
On the other hand, since $f(x)$ can have at most $n$ zeros, it follows that for all $k$ large enough, we would have $f(c_k) \ne 0$. Since $f(c) = 0$, we have
\[
|f(c) - f(c_k)| = |f(c_k)| = \Bigl| \sum_{j=0}^{n} m_j c_k^{\,j} \Bigr| \ge \frac{1}{10^{n \cdot k!}},
\]
since for each $j$, $m_j c_k^{\,j}$ is a rational number with denominator $10^{j \cdot k!}$, so that $f(c_k)$ is a nonzero rational number whose denominator divides $10^{n \cdot k!}$. However, if $k$ is chosen sufficiently large and $n$ is fixed, we have
\[
\frac{1}{10^{n \cdot k!}} > \frac{2B}{10^{(k+1)!}},
\]
contradicting the bound obtained from the mean value theorem. Therefore, $c$ is transcendental.
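The mechanics of this proof can be checked with exact rational arithmetic. The following Python code is an added example, not part of the original text: it computes the partial sums $c_k$ exactly, the lower bound $10^{-n \cdot k!}$ that a nonzero $f(c_k)$ must respect, and the mean value theorem bound $2B/10^{(k+1)!}$, and reports the first $k$ at which the lower bound overtakes the upper bound for an arbitrary integer polynomial, which is the general step the proof relies on. The two polynomials tried, $x^2 - 2$ and $8x^3 - 6x - 1$, are sample inputs chosen here; the function names are mine, the constants $B$, $c_k$ and $n$ are the proof's.

```python
from fractions import Fraction
from math import factorial


def liouville_partial_sum(k):
    """c_k = sum_{j=1}^{k} 10^(-j!), the k-th partial sum of c, as an exact rational."""
    return sum((Fraction(1, 10 ** factorial(j)) for j in range(1, k + 1)), Fraction(0))


def tail_bound(k):
    """The estimate |c - c_k| < 2 / 10^((k+1)!) used in the proof."""
    return Fraction(2, 10 ** factorial(k + 1))


def derivative_bound(coeffs):
    """B = sum_{j>=1} |j m_j|, so that |f'(x)| <= B whenever 0 < x < 1."""
    return sum(abs(j * m) for j, m in enumerate(coeffs) if j >= 1)


def evaluate(coeffs, x):
    """f(x) = sum_j m_j x^j for integer coefficients m_0, ..., m_n (index j is the power)."""
    return sum((Fraction(m) * x ** j for j, m in enumerate(coeffs)), Fraction(0))


def liouville_bounds(coeffs, k):
    """Return (|f(c_k)|, 10^(-n k!), 2B / 10^((k+1)!)) for f with integer coefficients.

    A nonzero f(c_k) is a rational number whose denominator divides 10^(n k!), hence
    |f(c_k)| >= 10^(-n k!).  If c were a zero of f, the mean value theorem would force
    |f(c_k)| = |f(c) - f(c_k)| < 2B / 10^((k+1)!).  Once the lower bound exceeds the
    upper bound, both cannot hold, which is the contradiction in the proof.
    """
    n = len(coeffs) - 1
    c_k = liouville_partial_sum(k)
    value = abs(evaluate(coeffs, c_k))
    lower = Fraction(1, 10 ** (n * factorial(k)))
    upper = derivative_bound(coeffs) * tail_bound(k)
    return value, lower, upper


def denominator_divides(coeffs, k):
    """Check the divisibility claim: the denominator of f(c_k) divides 10^(n k!)."""
    n = len(coeffs) - 1
    value = evaluate(coeffs, liouville_partial_sum(k))
    return (10 ** (n * factorial(k))) % value.denominator == 0


def first_contradiction(coeffs, max_k=6):
    """Smallest k with f(c_k) != 0 and 10^(-n k!) > 2B / 10^((k+1)!), or None if not found."""
    for k in range(1, max_k + 1):
        value, lower, upper = liouville_bounds(coeffs, k)
        if value != 0 and lower > upper:
            return k
    return None


if __name__ == "__main__":
    # Sample polynomials (constructed for this example): x^2 - 2 and 8x^3 - 6x - 1.
    for name, coeffs in [("x^2 - 2", [-2, 0, 1]), ("8x^3 - 6x - 1", [-1, -6, 0, 8])]:
        k = first_contradiction(coeffs)
        value, lower, upper = liouville_bounds(coeffs, k)
        print(f"{name}: contradiction at k = {k}; |f(c_k)| = {float(value):.4g}, "
              f"lower = {float(lower):.3g} > upper = {float(upper):.3g}")
```

For $x^2 - 2$ the lower bound $10^{-2 \cdot k!}$ already exceeds $2B/10^{(k+1)!} = 4/10^{(k+1)!}$ at $k = 2$; for the cubic it happens at $k = 3$. In general the exponent $n \cdot k!$ grows like $k!$ while $(k+1)!$ grows $k+1$ times faster, which is why "$k$ sufficiently large" depends only on $n$ and $B$.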
In 1873, Hermite proved that $e$ is transcendental, whereas, in 1882, Lindemann showed that $\pi$ is transcendental. Gelfond and Schneider, independently in 1934, showed that $a^b$ is transcendental if $a \ne 0, 1$, $a$ and $b$ are algebraic, and $b$ is irrational. In Chapter 20, we will prove that both $e$ and $\pi$ are transcendental. An interesting open question is the following:

Is $\pi$ transcendental over $\mathbb{Q}(e)$?

To close this section, we show that in general if $a \in L$ is transcendental over $K$, then $K(a)|K$ is isomorphic to the field of rational functions over $K$.

Theorem 5.5.5. Suppose that $L|K$ is a field extension and $a \in L$ is transcendental over $K$. Then $K(a)|K$ is isomorphic to $K(x)|K$. Here the isomorphism $\mu : K(x) \to K(a)$ can be chosen such that $\mu(x) = a$.

Proof. Define the map $\mu : K(x) \to K(a)$ by
\[
\mu\Bigl(\frac{f(x)}{g(x)}\Bigr) = \frac{f(a)}{g(a)}
\]
for $f(x), g(x) \in K[x]$ with $g(x) \ne 0$. Since $a$ is transcendental over $K$, $g(a) \ne 0$ for every nonzero $g(x)$, so $\mu$ is well defined; it is a homomorphism, it is the identity on $K$, and $\mu(x) = a$. Since $\mu \ne 0$ and the kernel of a field homomorphism is an ideal, $\mu$ is injective. Its image is a subfield of $K(a)$ containing $K$ and $a$, hence is all of $K(a)$, so $\mu$ is an isomorphism.


5.6 Exercises

1. Let $a \in \mathbb{C}$ with $a^3 - 2a + 2 = 0$ and $b = a^2 - a$. Compute the minimal polynomial $m_b(x)$ of $b$ over $\mathbb{Q}$ and compute the inverse of $b$ in $\mathbb{Q}(a)$.

2. Determine the algebraic closure of $\mathbb{R}$ in $\mathbb{C}(x)$.

3. Let $a_n := 2^{1/2^n} \in \mathbb{R}$, $n = 1, 2, 3, \ldots$, and $A := \{a_n : n \in \mathbb{N}\}$ and $E := \mathbb{Q}(A)$. Show the following:
(i) $|\mathbb{Q}(a_n) : \mathbb{Q}| = 2^n$.
(ii) $|E : \mathbb{Q}| = \infty$.
(iii) $E = \bigcup_{n=1}^{\infty} \mathbb{Q}(a_n)$.
(iv) $E$ is algebraic over $\mathbb{Q}$.

4. Determine $|E : \mathbb{Q}|$ for
(i) $E = \mathbb{Q}(\sqrt{2}, \sqrt{-2})$.
(i) E = Q(V3, v3 + V3). 
(ii) E = QE, =). 
5. Show that $\mathbb{Q}(\sqrt{2}, \sqrt{3}) = \{a + b\sqrt{2} + c\sqrt{3} + d\sqrt{6} : a, b, c, d \in \mathbb{Q}\}$. Determine the degree of $\mathbb{Q}(\sqrt{2}, \sqrt{3})$ over $\mathbb{Q}$. Further show that $\mathbb{Q}(\sqrt{2}, \sqrt{3}) = \mathbb{Q}(\sqrt{2} + \sqrt{3})$.

6. Let $K \subset E$ be fields and $a \in E$ be transcendental over $K$. Show the following:
(i) Each element of $K(a)$ which is not in $K$ is transcendental over $K$.
(ii) $a^n$ is transcendental over $K$ for each $n \ge 1$.
(iii) If $L := K(a^3)$, then $a$ is algebraic over $L$. Determine the minimal polynomial $m_a(x)$ of $a$ over $L$.

7. Let $K$ be a field and $a \in K(x) \setminus K$. Show the following:
(i) $x$ is algebraic over $K(a)$.
(ii) If $L$ is a field with $K \subset L \subset K(x)$ and $a \in L$, then $|K(x) : L| < \infty$.
(iii) $a$ is transcendental over $K$.

8. Suppose that $a \in L$ is algebraic over $K$. Let
\[
I = \{ f(x) \in K[x] : f(a) = 0 \}.
\]
Since $a$ is algebraic, $I \ne \{0\}$. Prove that $I$ is an ideal in $K[x]$.

9. Prove that there are uncountably many transcendental numbers. To do this, show that the set $A$ of algebraic numbers is countable. To do this:
(i) Show that $\mathbb{Q}_n[x]$, the set of rational polynomials of degree $\le n$, is countable (finite Cartesian product of countable sets).
(ii) Let $B_n = \{\text{zeros of polynomials in } \mathbb{Q}_n[x]\}$. Show that $B_n$ is countable.
(iii) Show that $A = \bigcup_{n \ge 1} B_n$ and conclude that $A$ is countable.
(iv) Show that the transcendental numbers are uncountable.

10. Consider the map $\tau : K[x] \to K[a]$ given by
\[
\tau\Bigl(\sum_i k_i x^i\Bigr) = \sum_i k_i a^i.
\]
Show that $\tau$ is a ring epimorphism.

11. Suppose that $K$ is a field and $R$ is an integral domain with $K \subset R$. Then $R$ can be viewed as a vector space over $K$. Let $r_0 \in R$ with $r_0 \ne 0$. Define the map from $R$ to $R$ given by
\[
T(r) = r r_0.
\]
Show that this is a linear transformation from $R$ to $R$, considered as a vector space over $K$.


6 Field Extensions and Compass and Straightedge Constructions


6.1 Geometric Constructions 


Greek mathematicians in the classical period posed the problem of constructing certain 
geometric figures in the Euclidean plane using only a straightedge and a compass. These 
are known as geometric construction problems. 

Recall from elementary geometry that using a straightedge and compass, it is possible to draw a line parallel to a given line segment through a given point, to extend a given line segment, and to erect a perpendicular to a given line at a given point on that line. There were other geometric construction problems for which the Greeks could not find straightedge and compass solutions but, on the other hand, were never able to prove that such constructions were impossible. In particular, there were four famous construction problems that were insolvable to the Greeks. The first is the squaring of the circle: given a circle, to construct using straightedge and compass a square having an area equal to that of the given circle. The second is the doubling of the cube: given a cube of given side length, to construct using a straightedge and compass a side of a cube having double the volume of the original cube. The third problem is the trisection of an angle: to trisect a given angle using only a straightedge and compass. The final problem is the construction of a regular $n$-gon. This problem asks which regular $n$-gons can be constructed using only straightedge and compass.

By translating each of these problems into the language of field extensions, we can show that each of the first three problems is insolvable in general, and we can give the complete solution to the construction of the regular $n$-gons.


6.2 Constructible Numbers and Field Extensions 


We now translate the geometric construction problems into the language of field exten- 
sions. As a first step, we define a constructible number. 


Definition 6.2.1. Suppose we are given a line segment of unit length. An a € R is con- 
structible if we can construct a line segment of length |a|, in a finite number of steps, 
from the unit segment using a straightedge and compass. 


Our first result is that the set of all constructible numbers forms a subfield of R. 


Theorem 6.2.2. The set $C$ of all constructible numbers forms a subfield of $\mathbb{R}$. Furthermore, $\mathbb{Q} \subset C$.

Proof. Let $C$ be the set of all constructible numbers. Since the given unit length segment is constructible, we have $1 \in C$. Therefore, $C \ne \emptyset$. Thus, to show that it is a field, we must show that it is closed under the field operations.


https://doi.org/10.1515/9783111142524-006 
Suppose $\alpha, \beta$ are constructible. We must show then that $\alpha + \beta$, $\alpha\beta$, and $\alpha/\beta$ for $\beta \ne 0$ are constructible. If $\alpha, \beta > 0$, construct a line segment of length $|\alpha|$. At one end of this line segment, extend it by a segment of length $|\beta|$. This will construct a segment of length $\alpha + \beta$. Similarly, if $\alpha > \beta$, lay off a segment of length $|\beta|$ at the beginning of a segment of length $|\alpha|$. The remaining piece will be $\alpha - \beta$. By considering cases, we can do this in the same manner if either $\alpha$ or $\beta$, or both, are negative. These constructions are pictured in Figure 6.1. Therefore, $\alpha \pm \beta$ are constructible.

Figure 6.1: Addition of constructible numbers.


In Figure 6.2, we show how to construct $\alpha\beta$. Let the line segment $OA$ have length $|\alpha|$. Consider a line $L$ through $O$ not coincident with $OA$. Let $OB$ have length $|\beta|$ as in the diagram. Let $P$ be on ray $OB$ so that $OP$ has length 1. Draw $AP$ and then find $Q$ on ray $OA$ such that $BQ$ is parallel to $AP$. From similar triangles, we then have
\[
\frac{|OP|}{|OB|} = \frac{|OA|}{|OQ|}, \quad \text{that is,} \quad \frac{1}{|\beta|} = \frac{|\alpha|}{|OQ|}.
\]
Then $|OQ| = |\alpha||\beta|$, and so $\alpha\beta$ is constructible.

Figure 6.2: Multiplication of constructible numbers.


A similar construction, pictured in Figure 6.3, shows that $\alpha/\beta$ for $\beta \ne 0$ is constructible. Find $OA$, $OB$, $OP$ as above. Now, connect $A$ to $B$, and let $PQ$ be parallel to $AB$. From similar triangles again, we have
\[
\frac{|OP|}{|OB|} = \frac{|OQ|}{|OA|}, \quad \text{that is,} \quad \frac{1}{|\beta|} = \frac{|OQ|}{|\alpha|}, \quad \text{so} \quad \frac{|\alpha|}{|\beta|} = |OQ|.
\]
Hence, $\alpha/\beta$ is constructible.
Therefore, $C$ is a subfield of $\mathbb{R}$. Since $\operatorname{char} C = 0$, it follows that $\mathbb{Q} \subset C$.


Figure 6.3: Inversion of constructible numbers.

Let us now consider how a constructible number is found in the plane. Starting at the origin and using the unit length and the constructions above, we can locate any point in the plane with rational coordinates. That is, we can construct the point $P = (q_1, q_2)$ with $q_1, q_2 \in \mathbb{Q}$. Using only straightedge and compass, any further point in the plane can be determined in one of the following three ways:

1. The intersection point of two lines, each of which passes through two known points each having rational coordinates.

2. The intersection point of a line passing through two known points having rational coordinates and a circle whose center has rational coordinates and whose radius squared is rational.

3. The intersection point of two circles, each of whose centers has rational coordinates, and each of whose radii is the square root of a rational number.

Analytically, the first case involves the solution of a pair of linear equations, each with rational coefficients and, thus, only leads to other rational numbers. In cases two and three, we must solve equations of the form $x^2 + y^2 + ax + by + c = 0$, with $a, b, c \in \mathbb{Q}$. These will then be quadratic equations over $\mathbb{Q}$ and, thus, the solutions will either be in $\mathbb{Q}$, or in a quadratic extension $\mathbb{Q}(\sqrt{a})$ of $\mathbb{Q}$. Once a real quadratic extension of $\mathbb{Q}$ is found, the process can be iterated. Conversely, using the altitude theorem, if $a > 0$ is constructible, so is $\sqrt{a}$. A much more detailed description of the constructible numbers can be found in [52]. We thus can prove the following theorem:


Theorem 6.2.3. If $\gamma$ is constructible with $\gamma \notin \mathbb{Q}$, then there exists a finite number of elements $\alpha_1, \ldots, \alpha_r \in \mathbb{R}$ with $\alpha_r = \gamma$ such that for $i = 1, \ldots, r$, $\mathbb{Q}(\alpha_1, \ldots, \alpha_i)$ is a quadratic extension of $\mathbb{Q}(\alpha_1, \ldots, \alpha_{i-1})$. In particular, $|\mathbb{Q}(\gamma) : \mathbb{Q}| = 2^n$ for some $n \ge 1$.


Therefore, the constructible numbers are precisely those real numbers that are con- 
tained in repeated quadratic extensions of Q. In the next section, we use this idea to 
show the impossibility of the first three mentioned construction problems. 


6.3 Four Classical Construction Problems 


We now consider the aforementioned construction problems. Our main technique will be to use Theorem 6.2.3. From this result, we have that if $\gamma$ is constructible with $\gamma \notin \mathbb{Q}$, then $|\mathbb{Q}(\gamma) : \mathbb{Q}| = 2^n$ for some $n \ge 1$.




6.3.1 Squaring the Circle 


Theorem 6.3.1. It is impossible to square the circle. That is, it is impossible in general, given a circle, to construct using straightedge and compass a square having area equal to that of the given circle.

Proof. Suppose the given circle has radius 1. It is then constructible and would have an area of $\pi$. A corresponding square would then have to have a side of length $\sqrt{\pi}$. To be constructible, a number $\alpha$ must have $|\mathbb{Q}(\alpha) : \mathbb{Q}| = 2^m < \infty$ and, hence, $\alpha$ must be algebraic. However, $\pi$ is transcendental, so $\sqrt{\pi}$ is also transcendental (see Section 20.4); therefore, it is not constructible.


6.3.2 The Doubling of the Cube 


Theorem 6.3.2. It is impossible to double the cube. This means that it is impossible in 
general, given a cube of given side length, to construct using a straightedge and compass, 
a side of a cube having double the volume of the original cube. 


Proof. Let the given side length be 1, so that the original volume is also 1. To double this, we would have to construct a side of length $2^{1/3}$. However, $|\mathbb{Q}(2^{1/3}) : \mathbb{Q}| = 3$ since the minimal polynomial over $\mathbb{Q}$ is $m_{2^{1/3}}(x) = x^3 - 2$. This is not a power of 2, so $2^{1/3}$ is not constructible.


6.3.3 The Trisection of an Angle 


Theorem 6.3.3. It is impossible to trisect an angle. This means that it is impossible, in 
general, to trisect a given angle using only a straightedge and compass. 


Proof. An angle $\theta$ is constructible if and only if a segment of length $|\cos\theta|$ is constructible. Since $\cos(\pi/3) = 1/2$, therefore $\pi/3$ is constructible. We show that it cannot be trisected by straightedge and compass.

The following trigonometric identity holds:
\[
\cos(3\theta) = 4\cos^3(\theta) - 3\cos(\theta).
\]
Let $a = \cos(\pi/9)$. From the above identity, we have $4a^3 - 3a - \frac{1}{2} = 0$.

The polynomial $4x^3 - 3x - \frac{1}{2}$ is irreducible over $\mathbb{Q}$: a cubic over $\mathbb{Q}$ is reducible only if it has a rational zero, and by the rational root test the only candidates for a zero of $8x^3 - 6x - 1$ are $\pm 1, \pm\frac{1}{2}, \pm\frac{1}{4}, \pm\frac{1}{8}$, none of which is a zero. Hence, the minimal polynomial over $\mathbb{Q}$ is $m_a(x) = x^3 - \frac{3}{4}x - \frac{1}{8}$. It follows that $|\mathbb{Q}(a) : \mathbb{Q}| = 3$; hence, $a$ is not constructible. Therefore, the corresponding angle $\pi/9$ is not constructible. Therefore, $\pi/3$ is constructible, but it cannot be trisected.
6.3.4 Construction of a Regular n-Gon


The final construction problem we consider is the construction of regular n-gons. The 
algebraic study of the constructibility of regular n-gons was initiated by Gauss in the 
early part of the nineteenth century. 

Notice first that a regular $n$-gon will be constructible for $n \ge 3$ if and only if the angle $\frac{2\pi}{n}$ is constructible, which is the case if and only if the length $\cos\frac{2\pi}{n}$ is a constructible number. From our techniques, if $\cos\frac{2\pi}{n}$ is a constructible number, then necessarily $|\mathbb{Q}(\cos\frac{2\pi}{n}) : \mathbb{Q}| = 2^m$ for some $m$. After we discuss Galois theory, we see that this condition is also sufficient. Therefore, $\cos\frac{2\pi}{n}$ is a constructible number if and only if $|\mathbb{Q}(\cos\frac{2\pi}{n}) : \mathbb{Q}| = 2^m$ for some $m$.

The solution of this problem, that is, the determination of when $|\mathbb{Q}(\cos\frac{2\pi}{n}) : \mathbb{Q}| = 2^m$, involves two concepts from number theory: the Euler phi-function and Fermat primes.


Definition 6.3.4. For any natural number $n$, the Euler phi-function is defined by
$\varphi(n) =$ the number of integers less than or equal to $n$ and relatively prime to $n$.

Example 6.3.5. $\varphi(6) = 2$ since among $1, 2, 3, 4, 5, 6$ only $1, 5$ are relatively prime to 6.


It is fairly straightforward to develop a formula for ¢(n). A formula is first deter- 
mined for primes and for prime powers, and then pasted back together via the funda- 
mental theorem of arithmetic. 


Lemma 6.3.6. For any prime $p$ and $m > 0$,
\[
\varphi(p^m) = p^m - p^{m-1} = p^m\Bigl(1 - \frac{1}{p}\Bigr).
\]
Proof. If $1 \le a \le p$, then either $a = p$, or $(a, p) = 1$. It follows that the positive integers less than or equal to $p^m$ which are not relatively prime to $p^m$ are precisely the multiples of $p$; that is, $p, 2p, 3p, \ldots, p^{m-1} \cdot p$. All other positive $a \le p^m$ are relatively prime to $p^m$. Hence, the number relatively prime to $p^m$ is
\[
p^m - p^{m-1}.
\]


Lemma 6.3.7. If $(a, b) = 1$, then $\varphi(ab) = \varphi(a)\varphi(b)$.

Proof. Given a natural number $n$, a reduced residue system modulo $n$ is a set of integers $x_1, \ldots, x_r$ such that each $x_i$ is relatively prime to $n$, $x_i \not\equiv x_j \pmod n$ unless $i = j$, and if $(x, n) = 1$ for some integer $x$, then $x \equiv x_i \pmod n$ for some $i$. Clearly, $\varphi(n)$ is the size of a reduced residue system modulo $n$.

Let $R_a = \{x_1, \ldots, x_{\varphi(a)}\}$ be a reduced residue system modulo $a$, $R_b = \{y_1, \ldots, y_{\varphi(b)}\}$ be a reduced residue system modulo $b$, and let
\[
S = \{ a y_j + b x_i : i = 1, \ldots, \varphi(a),\; j = 1, \ldots, \varphi(b) \}.
\]
We claim that $S$ is a reduced residue system modulo $ab$. Since $S$ has $\varphi(a)\varphi(b)$ elements, it will follow that $\varphi(ab) = \varphi(a)\varphi(b)$.

To show that $S$ is a reduced residue system modulo $ab$, we must show three things: first, that each $x \in S$ is relatively prime to $ab$; second, that the elements of $S$ are distinct modulo $ab$; and, finally, that given any integer $n$ with $(n, ab) = 1$, then $n \equiv s \pmod{ab}$ for some $s \in S$.

Let $x = a y_j + b x_i$. Then since $(x_i, a) = 1$ and $(a, b) = 1$, it follows that $(x, a) = 1$. Analogously, $(x, b) = 1$. Since $x$ is relatively prime to both $a$ and $b$, we have $(x, ab) = 1$. This shows that each element of $S$ is relatively prime to $ab$.

Next suppose that
\[
a y_j + b x_i \equiv a y_l + b x_k \pmod{ab}.
\]
Then
\[
ab \mid (a y_j + b x_i) - (a y_l + b x_k) \;\Longrightarrow\; a y_j \equiv a y_l \pmod b.
\]
Since $(a, b) = 1$, it follows that $y_j \equiv y_l \pmod b$. But then $y_j = y_l$ since $R_b$ is a reduced residue system. Similarly, $x_i = x_k$. This shows that the elements of $S$ are distinct modulo $ab$.

Finally, suppose $(n, ab) = 1$. Since $(a, b) = 1$, there exist $x, y$ with $ax + by = 1$. Then
\[
anx + bny = n.
\]
Since $(x, b) = 1$ and $(n, b) = 1$, it follows that $(nx, b) = 1$. Therefore, there is an $s_i \in R_b$ with $nx = s_i + tb$. In the same manner, $(ny, a) = 1$, and so there is an $r_i \in R_a$ with $ny = r_i + ua$. Then
\[
a(s_i + tb) + b(r_i + ua) = n \;\Longrightarrow\; n = a s_i + b r_i + (t + u)ab \;\Longrightarrow\; n \equiv a s_i + b r_i \pmod{ab},
\]
and $a s_i + b r_i \in S$, so we are done.


We now give the general formula for $\varphi(n)$.

Theorem 6.3.8. Suppose $n = p_1^{e_1} \cdots p_k^{e_k}$, then
\[
\varphi(n) = (p_1^{e_1} - p_1^{e_1 - 1})(p_2^{e_2} - p_2^{e_2 - 1}) \cdots (p_k^{e_k} - p_k^{e_k - 1}).
\]
Proof. From the previous lemma, we have
\[
\begin{aligned}
\varphi(n) &= \varphi(p_1^{e_1})\varphi(p_2^{e_2}) \cdots \varphi(p_k^{e_k}) \\
&= (p_1^{e_1} - p_1^{e_1 - 1})(p_2^{e_2} - p_2^{e_2 - 1}) \cdots (p_k^{e_k} - p_k^{e_k - 1}) \\
&= p_1^{e_1}(1 - 1/p_1) \cdots p_k^{e_k}(1 - 1/p_k) = p_1^{e_1} \cdots p_k^{e_k}\,(1 - 1/p_1) \cdots (1 - 1/p_k) \\
&= n \prod_i (1 - 1/p_i).
\end{aligned}
\]

Example 6.3.9. Determine $\varphi(126)$. Now
\[
126 = 2 \cdot 3^2 \cdot 7 \;\Longrightarrow\; \varphi(126) = \varphi(2)\varphi(3^2)\varphi(7) = (1)(3^2 - 3)(6) = 36.
\]
Hence, there are 36 units in $\mathbb{Z}_{126}$.
An interesting result with many generalizations in number theory is the following: 


Theorem 6.3.10. For $n \ge 1$,
\[
\sum_{d \mid n} \varphi(d) = n,
\]
where the sum runs over all positive divisors $d$ of $n$.


Proof. We first prove the theorem for prime powers and then paste together via the fundamental theorem of arithmetic.
Suppose that $n = p^e$ for $p$ a prime. Then the divisors of $n$ are $1, p, p^2, \ldots, p^e$, so
\[
\sum_{d \mid n} \varphi(d) = \varphi(1) + \varphi(p) + \varphi(p^2) + \cdots + \varphi(p^e)
= 1 + (p - 1) + (p^2 - p) + \cdots + (p^e - p^{e-1}).
\]
Notice that this sum telescopes; that is, $1 + (p - 1) = p$, $p + (p^2 - p) = p^2$, and so on. Hence, the sum is just $p^e$, and the result is proved for $n$ a prime power.

We now do an induction on the number of distinct prime factors of $n$. The above argument shows that the result is true if $n$ has only one distinct prime factor. Assume that the result is true whenever an integer has less than $k$ distinct prime factors, and suppose $n = p_1^{e_1} \cdots p_k^{e_k}$ has $k$ distinct prime factors. Then $n = p^e c$, where $p = p_1$, $e = e_1$, and $c$ has fewer than $k$ distinct prime factors. By the inductive hypothesis,
\[
\sum_{d \mid c} \varphi(d) = c.
\]
Since $(c, p) = 1$, the divisors of $n$ are all of the form $p^a d_1$, where $d_1 \mid c$ and $a = 0, 1, \ldots, e$. It follows that
\[
\sum_{d \mid n} \varphi(d) = \sum_{d_1 \mid c} \varphi(d_1) + \sum_{d_1 \mid c} \varphi(p d_1) + \cdots + \sum_{d_1 \mid c} \varphi(p^e d_1).
\]
Since $(d_1, p^a) = 1$ for any divisor $d_1$ of $c$, this sum equals
\[
\begin{aligned}
&\sum_{d_1 \mid c} \varphi(d_1) + \sum_{d_1 \mid c} \varphi(p)\varphi(d_1) + \cdots + \sum_{d_1 \mid c} \varphi(p^e)\varphi(d_1) \\
&= \sum_{d_1 \mid c} \varphi(d_1) + (p - 1)\sum_{d_1 \mid c} \varphi(d_1) + \cdots + (p^e - p^{e-1})\sum_{d_1 \mid c} \varphi(d_1) \\
&= c + (p - 1)c + (p^2 - p)c + \cdots + (p^e - p^{e-1})c.
\end{aligned}
\]
As in the case of prime powers, this sum telescopes, giving a final result
\[
\sum_{d \mid n} \varphi(d) = p^e c = n.
\]

Example 6.3.11. Consider $n = 10$. The divisors are $1, 2, 5, 10$. Then $\varphi(1) = 1$, $\varphi(2) = 1$, $\varphi(5) = 4$, and $\varphi(10) = 4$. Then
\[
\varphi(1) + \varphi(2) + \varphi(5) + \varphi(10) = 1 + 1 + 4 + 4 = 10.
\]


We will see later in the book that the Euler phi-function plays an important role in 
the structure theory of Abelian groups. 
We now turn to Fermat primes. 


Definition 6.3.12. The Fermat numbers are the sequence $(F_m)$ of positive integers defined by
\[
F_m = 2^{2^m} + 1, \quad m = 0, 1, 2, 3, \ldots.
\]
If a particular $F_m$ is prime, it is called a Fermat prime.

Fermat believed that all the numbers in this sequence were primes. In fact, $F_0, F_1, F_2, F_3, F_4$ are all primes, but $F_5$ is composite and divisible by 641 (see exercises). It is still an open question whether or not there are infinitely many Fermat primes. It has been conjectured that there are only finitely many. On the other hand, if a number of the form $2^n + 1$ is a prime for some integer $n \ge 1$, then it must be a Fermat prime.


Theorem 6.3.13. If $a \ge 2$ and $a^n + 1$ is a prime for some $n \ge 1$, then $a$ is even, and $n = 2^m$ for some nonnegative integer $m$. In particular, if $p = 2^k + 1$ is a prime for some $k \ge 1$, then $k = 2^m$ for some $m$, and $p$ is a Fermat prime.

Proof. If $a$ is odd, then $a^n + 1$ is even and greater than 2 and, hence, not a prime. Suppose then that $a$ is even and $n = kl$ with $k$ odd and $k \ge 3$. Then
\[
\frac{a^{kl} + 1}{a^l + 1} = a^{(k-1)l} - a^{(k-2)l} + \cdots - a^l + 1.
\]
Therefore, $a^l + 1$ divides $a^{kl} + 1$ if $k \ge 3$, and $1 < a^l + 1 < a^{kl} + 1$, so $a^{kl} + 1$ is not a prime. Hence, if $a^n + 1$ is a prime, $n$ can have no odd factor $k \ge 3$; that is, $n = 2^m$.


We can now state the solution to the constructibility of regular n-gons. 


Theorem 6.3.14. A regular $n$-gon is constructible with a straightedge and compass if and only if $n = 2^k p_1 \cdots p_r$, where $k \ge 0$ and $p_1, \ldots, p_r$ are distinct Fermat primes.

For example, before proving the theorem, notice that a regular 20-gon is constructible since $20 = 2^2 \cdot 5$, and 5 is a Fermat prime. On the other hand, a regular 11-gon is not constructible.


Proof. Let $u = e^{2\pi i/n}$ be a primitive $n$-th root of unity. Since
\[
e^{2\pi i/n} = \cos\Bigl(\frac{2\pi}{n}\Bigr) + i\sin\Bigl(\frac{2\pi}{n}\Bigr),
\]
it is easy to compute that (see exercises)
\[
u + \frac{1}{u} = 2\cos\Bigl(\frac{2\pi}{n}\Bigr).
\]
Therefore, $\mathbb{Q}(u + \frac{1}{u}) = \mathbb{Q}(\cos\frac{2\pi}{n})$. After we discuss Galois theory in more detail, we will prove that
\[
|\mathbb{Q}(u) : \mathbb{Q}| = \varphi(n),
\]
where $\varphi(n)$ is the Euler phi-function. Moreover, $u$ is a zero of $x^2 - (u + \frac{1}{u})x + 1 \in \mathbb{Q}(u + \frac{1}{u})[x]$, and $u \notin \mathbb{R}$ for $n \ge 3$, so $|\mathbb{Q}(u) : \mathbb{Q}(u + \frac{1}{u})| = 2$ and $|\mathbb{Q}(\cos\frac{2\pi}{n}) : \mathbb{Q}| = \frac{\varphi(n)}{2}$. Therefore, $\cos\frac{2\pi}{n}$ is constructible if and only if $\frac{\varphi(n)}{2}$ and, hence, $\varphi(n)$ is a power of 2.

Suppose that $n = 2^k p_1^{e_1} \cdots p_r^{e_r}$, all $p_i$ odd primes. Then from Theorem 6.3.8,
\[
\varphi(n) = \varphi(2^k)\,(p_1^{e_1} - p_1^{e_1 - 1})(p_2^{e_2} - p_2^{e_2 - 1}) \cdots (p_r^{e_r} - p_r^{e_r - 1}),
\]
where $\varphi(2^k)$ is 1 if $k = 0$ and $2^{k-1}$ otherwise. If this is a power of 2, each factor must also be a power of 2. Now
\[
p_i^{e_i} - p_i^{e_i - 1} = p_i^{e_i - 1}(p_i - 1).
\]
If this is to be a power of 2, we must have $e_i = 1$ and $p_i - 1 = 2^{k_i}$ for some $k_i$. Therefore, each prime is distinct to the first power, and $p_i = 2^{k_i} + 1$ is a Fermat prime by Theorem 6.3.13. Conversely, if $n = 2^k p_1 \cdots p_r$ with distinct Fermat primes $p_i$, then each factor $p_i - 1 = 2^{2^{m_i}}$ is a power of 2, so $\varphi(n)$ is a power of 2. This proves the theorem.
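The number theory of this subsection is easy to check computationally. The following Python code is an added example, not part of the original text: it implements $\varphi(n)$ from the formula of Theorem 6.3.8, the divisor sum of Theorem 6.3.10, the Fermat numbers of Definition 6.3.12 with the primality criterion of Theorem 6.3.13, and the factorization condition of Theorem 6.3.14, and it confirms for all $3 \le n < 2000$ that the factorization condition agrees with the condition "$\varphi(n)$ is a power of 2" used inside the proof. Trial-division factorization and the function names are my choices.

```python
def factorize(n):
    """Prime factorization of n >= 1 as a dict {p: e}, by trial division (fine for small n)."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def euler_phi(n):
    """phi(n) = prod (p^e - p^(e-1)) over the prime powers dividing n (Theorem 6.3.8)."""
    result = 1
    for p, e in factorize(n).items():
        result *= p ** e - p ** (e - 1)
    return result


def divisor_phi_sum(n):
    """sum_{d | n} phi(d); Theorem 6.3.10 says this equals n."""
    return sum(euler_phi(d) for d in range(1, n + 1) if n % d == 0)


def is_prime(n):
    return n >= 2 and factorize(n) == {n: 1}


def fermat_number(m):
    """F_m = 2^(2^m) + 1."""
    return 2 ** (2 ** m) + 1


def is_fermat_prime(p):
    """p is prime and p - 1 is a power of two; Theorem 6.3.13 then forces p - 1 = 2^(2^m)."""
    return p >= 3 and is_prime(p) and (p - 1) & (p - 2) == 0


def constructible_ngon(n):
    """Theorem 6.3.14: n = 2^k * p_1 ... p_r with distinct Fermat primes, each to the first power."""
    if n < 3:
        return False
    return all(p == 2 or (e == 1 and is_fermat_prime(p)) for p, e in factorize(n).items())


def phi_is_power_of_two(n):
    """The criterion used inside the proof of Theorem 6.3.14: phi(n) is a power of 2."""
    phi = euler_phi(n)
    return phi & (phi - 1) == 0


if __name__ == "__main__":
    print("phi(126) =", euler_phi(126))                       # 36, as in Example 6.3.9
    print("sum of phi(d) over d | 10 =", divisor_phi_sum(10))  # 10, as in Example 6.3.11
    print("F_5 mod 641 =", fermat_number(5) % 641)            # 0: F_5 is composite
    print("constructible n-gons below 50:",
          [n for n in range(3, 50) if constructible_ngon(n)])
```

Note that `is_fermat_prime` does not need to test whether the exponent of $p - 1$ is itself a power of two: Theorem 6.3.13 guarantees that any prime of the form $2^k + 1$ with $k \ge 1$ already has $k = 2^m$.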


6.4 Exercises 


1. Let $\varphi$ be a given angle. In which of the following cases is the angle $\psi$ constructible from the angle $\varphi$ by compass and straightedge?
(a) g= 3 and y = mi 
(b) @= 5 and ) = a 
(c) @= > and y = 5 

2. (The golden section) In the plane, let $AB$ be a given segment from $A$ to $B$ with length $a$. The segment $AB$ should be divided such that the proportion of $AB$ to the length of the bigger subsegment is equal to the proportion of the length of the bigger subsegment to the length of the smaller subsegment:
\[
\frac{a}{b} = \frac{b}{a - b},
\]
where $b$ is the length of the bigger subsegment. Such a division is called division by the golden section. If we write $b = ax$, $0 < x < 1$, then $\frac{1}{x} = \frac{x}{1 - x}$; that is, $x^2 = 1 - x$. Do the following:
(a) Show that $x = \frac{\sqrt{5} - 1}{2}$, so that $b = \frac{\sqrt{5} - 1}{2}\,a$.
(b) Construct the division of $AB$ by the golden section with compass and straightedge.
(c) If we divide the radius $r > 0$ of a circle by the golden section, then the bigger part of the so divided radius is the side of the regular 10-gon with its 10 vertices on the circle.

3. Given a regular 10-gon such that the 10 vertices are on the circle with radius $R > 0$. Show that the length of each side is equal to the bigger part of the radius divided by the golden section. Describe the procedure of the construction of the regular 10-gon and 5-gon.

4. Construct the regular 17-gon with compass and straightedge.
Hint: We have to construct the number $\frac{1}{2}(w + w^{-1}) = \cos\frac{2\pi}{17}$, where $w = e^{2\pi i/17}$. First, construct the positive zero $w_1$ of the polynomial $x^2 + x - 4$; we get
\[
w_1 = \tfrac{1}{2}(\sqrt{17} - 1) = w + w^2 + w^4 + w^8 + w^9 + w^{13} + w^{15} + w^{16}.
\]
Then, construct the positive zero $w_2$ of the polynomial $x^2 - w_1 x - 1$; we get
\[
w_2 = \tfrac{1}{4}\bigl(\sqrt{17} - 1 + \sqrt{34 - 2\sqrt{17}}\bigr) = w + w^4 + w^{13} + w^{16}.
\]
From $w_1$ and $w_2$, construct $B = \frac{1}{2}(w_2^2 - w_1 + w_2 - 4)$. Then $w_3 = 2\cos\frac{2\pi}{17}$ is the bigger of the two positive zeros of the polynomial $x^2 - w_2 x + B$.

5. The Fibonacci numbers $f_n$ are defined by $f_0 = 0$, $f_1 = 1$ and $f_{n+2} = f_{n+1} + f_n$ for $n \in \mathbb{N} \cup \{0\}$. Show the following:

(a) $f_n = \dfrac{\alpha^n - \beta^n}{\sqrt{5}}$ with $\alpha = \dfrac{1 + \sqrt{5}}{2}$, $\beta = \dfrac{1 - \sqrt{5}}{2}$.

(b) $\bigl(\frac{f_{n+1}}{f_n}\bigr)_{n \ge 1}$ converges and $\lim_{n \to \infty} \frac{f_{n+1}}{f_n} = \frac{1 + \sqrt{5}}{2} = \alpha$.


© (9h) =e fren. 
(d) $f_1 + f_2 + \cdots + f_n = f_{n+2} - 1$, $n \ge 1$.
(e) $f_{n-1} f_{n+1} - f_n^2 = (-1)^n$, $n \in \mathbb{N}$.
(f) $f_{n+1}^2 + f_n^2 = f_{2n+1}$, $n \in \mathbb{N}$.

6. Show: The Fermat numbers $F_0, F_1, F_2, F_3, F_4$ are all prime, but $F_5$ is composite and divisible by 641.


7. Let $u = e^{2\pi i/n}$ be a primitive $n$-th root of unity. Using
\[
e^{2\pi i/n} = \cos\Bigl(\frac{2\pi}{n}\Bigr) + i\sin\Bigl(\frac{2\pi}{n}\Bigr),
\]
show that
\[
u + \frac{1}{u} = 2\cos\Bigl(\frac{2\pi}{n}\Bigr).
\]
7 Kronecker’s Theorem and Algebraic Closures 


7.1 Kronecker’s Theorem 


In the last chapter, we proved that if $L|K$ is a field extension, then there exists an intermediate field $K \subset A \subset L$ such that $A$ is algebraic over $K$ and contains all the elements of $L$ that are algebraic over $K$. We call $A$ the algebraic closure of $K$ within $L$. In this chapter, we prove that starting with any field $K$, we can construct an extension field $\overline{K}$ that is algebraic over $K$ and is algebraically closed. By this, we mean that there are no algebraic extensions of $\overline{K}$ other than $\overline{K}$ itself or, equivalently, that there are no irreducible nonlinear polynomials in $\overline{K}[x]$. In the final section of this chapter, we will give a proof of the famous fundamental theorem of algebra, which in the language of this chapter says that the field $\mathbb{C}$ of complex numbers is algebraically closed. We will present another proof of this important result later in the book after we discuss Galois theory.

First, we need the following crucial result of Kronecker, which says that given a polynomial $f(x)$ in $K[x]$, where $K$ is a field, we can construct an extension field $L$ of $K$ in which $f(x)$ has a zero $a$. We say that $L$ has been constructed by adjoining $a$ to $K$. Recall that if $f(x) \in K[x]$ is irreducible of degree greater than one, then $f(x)$ can have no zeros in $K$. We first need the following concept:

Definition 7.1.1. Let $L|K$ and $L'|K$ be field extensions. Then a $K$-isomorphism is an isomorphism $\tau : L \to L'$ that is the identity map on $K$; thus, it fixes each element of $K$.


Theorem 7.1.2 (Kronecker’s theorem). Let K be a field and f(x) € K[x]. Then there exists 
a finite extension K' of K, where f(x) has a zero. 


Proof. Suppose that $f(x) \in K[x]$. We know that $f(x)$ factors into irreducible polynomials. Let $p(x)$ be an irreducible factor of $f(x)$. From the material in Chapter 4, we know that since $p(x)$ is irreducible, the principal ideal $(p(x))$ in $K[x]$ is a maximal ideal. To see this, suppose that $g(x) \notin (p(x))$, so that $g(x)$ is not a multiple of $p(x)$. Since $p(x)$ is irreducible, it follows that $(p(x), g(x)) = 1$. Thus, there exist $h(x), k(x) \in K[x]$ with
\[
h(x)p(x) + k(x)g(x) = 1.
\]
The element on the left is in the ideal $(g(x), p(x))$, so the identity, 1, is in this ideal. Therefore, the whole ring $K[x]$ is in this ideal. Since $g(x)$ was arbitrary, this implies that the principal ideal $(p(x))$ is maximal.

Now let $K' = K[x]/(p(x))$. Since $(p(x))$ is a maximal ideal, it follows that $K'$ is a field. We show that $K$ can be embedded in $K'$, and that $p(x)$ has a zero in $K'$.

First, consider the map $\sigma : K[x] \to K'$ given by $\sigma(f(x)) = f(x) + (p(x))$. This is a homomorphism. Since the identity element $1 \in K$ is not in $(p(x))$, it follows that $\sigma$ restricted to $K$ is nontrivial. Therefore, $\sigma$ restricted to $K$ is a monomorphism, since $\ker(\sigma|_K)$ is an ideal of the field $K$, and if $\ker(\sigma|_K) \ne K$ then $\ker(\sigma|_K) = \{0\}$. Therefore, $K$ can be embedded into $\sigma(K)$, which is contained in $K'$. Therefore, $K'$ can be considered as an extension field of $K$. Consider the element $\alpha = x + (p(x)) \in K'$. Then $p(\alpha) = p(x) + (p(x)) = 0 + (p(x))$ since $p(x) \in (p(x))$. But $0 + (p(x))$ is the zero element $0$ of the factor ring $K[x]/(p(x))$. Therefore, in $K'$, we have $p(\alpha) = 0$; hence, $p(x)$ has a zero in $K'$. Since $p(x)$ divides $f(x)$, we must have $f(\alpha) = 0$ in $K'$ also. Therefore, we have constructed an extension field of $K$ in which $f(x)$ has a zero.

https://doi.org/10.1515/9783111142524-007


In conformity with Chapter 5, we write $K(\alpha)$ for the field adjunction of $\alpha = x + (p(x))$ to $K$. We now outline an intuitive construction. From this, we say that the field $K'$ is constructed by adjoining the zero $\alpha$ to $K$. We remark that this construction is not a formally correct proof as that given for Theorem 7.1.2.

We can assume that $f(x)$ is irreducible. Suppose that $f(x) = a_0 + a_1 x + \cdots + a_n x^n$ with $a_n \ne 0$. Define $\alpha$ to satisfy
\[
a_0 + a_1\alpha + \cdots + a_n\alpha^n = 0.
\]
Now, define $K' = K(\alpha)$ in the following manner. We let
\[
K(\alpha) = \{ c_0 + c_1\alpha + \cdots + c_{n-1}\alpha^{n-1} : c_i \in K \}.
\]
Then on $K(\alpha)$, define addition and subtraction componentwise, and define multiplication by algebraic manipulation, replacing powers of $\alpha$ higher than $\alpha^{n-1}$ by using
\[
\alpha^n = \frac{-a_0 - a_1\alpha - \cdots - a_{n-1}\alpha^{n-1}}{a_n}.
\]

We claim that $K' = K(\alpha)$ then forms a field of finite degree over $K$. The basic ring properties follow easily by computation (see exercises) using the definitions. We must show then that every nonzero element of $K(\alpha)$ has a multiplicative inverse. Let $g(\alpha) \in K(\alpha)$ with $g(\alpha) \ne 0$. Then the corresponding polynomial $g(x) \in K[x]$ is a nonzero polynomial of degree $\le n - 1$. Since $f(x)$ is irreducible of degree $n$, it follows that $f(x)$ and $g(x)$ must be relatively prime; that is, $(f(x), g(x)) = 1$. Hence, there exist $a(x), b(x) \in K[x]$ with
\[
a(x)f(x) + b(x)g(x) = 1.
\]
Evaluate these polynomials at $\alpha$ to get
\[
a(\alpha)f(\alpha) + b(\alpha)g(\alpha) = 1.
\]
Since by definition we have $f(\alpha) = 0$, this becomes
\[
b(\alpha)g(\alpha) = 1.
\]
Now $b(\alpha)$ might have degree higher than $n - 1$ in $\alpha$. However, using the relation $f(\alpha) = 0$, we can rewrite $b(\alpha)$ as $\bar{b}(\alpha)$, where $\bar{b}(\alpha)$ now has degree $\le n - 1$ in $\alpha$ and, hence, is in $K(\alpha)$. Therefore,
\[
\bar{b}(\alpha)g(\alpha) = 1;
\]
hence, $g(\alpha)$ has a multiplicative inverse. It follows that $K(\alpha)$ is a field and, by definition, $f(\alpha) = 0$. The elements $1, \alpha, \ldots, \alpha^{n-1}$ form a basis for $K(\alpha)$ over $K$ and, hence,
\[
|K(\alpha) : K| = n.
\]
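The construction just described can be carried out literally for $K = \mathbb{Q}$. The following Python code is an added example, not part of the original text: it represents an element of $K(\alpha)$ by the coefficients $c_0, \ldots, c_{n-1}$, reduces products by replacing $\alpha^n$ and higher powers through polynomial division by $f(x)$, and obtains the inverse of $g(\alpha)$ from a relation $a(x)f(x) + b(x)g(x) = 1$ found by the extended Euclidean algorithm, exactly the argument above; the reduction of $b(\alpha)$ to $\bar{b}(\alpha)$ is the final division by $f$. The two fields instantiated, $\mathbb{Q}[x]/(x^2 + 1)$ (the rational version of Example 7.1.3 below) and $\mathbb{Q}[x]/(x^3 - 2x + 2)$ (irreducible by Eisenstein's criterion at 2), are sample choices; the class and function names are mine.

```python
from fractions import Fraction

# A polynomial over Q is a list of Fractions; index i holds the coefficient of x^i.


def trim(p):
    """Drop trailing zeros so that len(p) - 1 is the degree (the zero polynomial is [])."""
    p = [Fraction(c) for c in p]
    while p and p[-1] == 0:
        p.pop()
    return p


def poly_add(p, q):
    n = max(len(p), len(q))
    return trim([(p[i] if i < len(p) else 0) + (q[i] if i < len(q) else 0) for i in range(n)])


def poly_sub(p, q):
    return poly_add(p, [-c for c in q])


def poly_mul(p, q):
    out = [Fraction(0)] * (len(p) + len(q) - 1) if p and q else []
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return trim(out)


def poly_divmod(p, m):
    """Long division in Q[x]: p = q*m + r with deg r < deg m (m nonzero)."""
    p, m = trim(p), trim(m)
    q = [Fraction(0)] * max(len(p) - len(m) + 1, 0)
    while len(p) >= len(m):
        shift = len(p) - len(m)
        coeff = p[-1] / m[-1]
        q[shift] = coeff
        p = poly_sub(p, [Fraction(0)] * shift + [coeff * c for c in m])
    return trim(q), p


def poly_ext_gcd(a, b):
    """Extended Euclidean algorithm in Q[x]: returns (g, s, t) with s*a + t*b = g."""
    r0, r1 = trim(a), trim(b)
    s0, s1 = [Fraction(1)], []
    t0, t1 = [], [Fraction(1)]
    while r1:
        quot, rem = poly_divmod(r0, r1)
        r0, r1 = r1, rem
        s0, s1 = s1, poly_sub(s0, poly_mul(quot, s1))
        t0, t1 = t1, poly_sub(t0, poly_mul(quot, t1))
    return r0, s0, t0


class SimpleExtension:
    """K(alpha) = K[x]/(f(x)) for K = Q and f irreducible, following the construction above.

    Elements are coefficient lists c_0, ..., c_{n-1}; multiplication reduces modulo
    f(alpha) = 0 and inverses come from a(x)f(x) + b(x)g(x) = 1 exactly as in the text.
    """

    def __init__(self, f):
        self.f = trim(f)
        self.degree = len(self.f) - 1          # |K(alpha) : K| = n

    def reduce(self, g):
        """Replace alpha^n and higher powers using f(alpha) = 0: the remainder of g mod f."""
        return poly_divmod(g, self.f)[1]

    def mul(self, g, h):
        return self.reduce(poly_mul(self.reduce(g), self.reduce(h)))

    def inverse(self, g):
        g = self.reduce(g)
        if not g:
            raise ZeroDivisionError("0 has no inverse in K(alpha)")
        d, _, b = poly_ext_gcd(self.f, g)       # a*f + b*g = d, d a nonzero constant
        if len(d) != 1:                         # a non-constant gcd means f was reducible
            raise ValueError("f(x) is not irreducible")
        return self.reduce([c / d[0] for c in b])   # b-bar(alpha): b(alpha)/d reduced mod f


# Sample fields (constructed for this example).
GAUSS = SimpleExtension([1, 0, 1])       # f(x) = x^2 + 1, so alpha^2 = -1
CUBIC = SimpleExtension([2, -2, 0, 1])   # f(x) = x^3 - 2x + 2, irreducible over Q

if __name__ == "__main__":
    alpha = [0, 1]
    print("alpha^2 in Q[x]/(x^2+1):", GAUSS.mul(alpha, alpha))       # [-1]
    print("(1 + alpha)^-1:", GAUSS.inverse([1, 1]))                  # [1/2, -1/2]
    beta = [0, -1, 1]                                                # alpha^2 - alpha
    print("(alpha^2 - alpha)^-1 in Q[x]/(x^3-2x+2):", CUBIC.inverse(beta))
```

Checking `CUBIC.reduce(CUBIC.f)` returns the zero polynomial is the statement $f(\alpha) = 0$, and `inverse` raising `ValueError` for a reducible $f$ (for example $x^2 - 1$ with $g = x + 1$) is the point where irreducibility enters: without it the gcd need not be a constant, and the quotient ring is not a field.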


Example 7.1.3. Let $f(x) = x^2 + 1 \in \mathbb{R}[x]$. This is irreducible over $\mathbb{R}$. We construct the field in which this has a zero. Let $K' = \mathbb{R}[x]/(x^2 + 1)$, and let $\alpha \in K'$ with $f(\alpha) = 0$. The extension field $\mathbb{R}(\alpha)$ then has the form
\[
K' = \mathbb{R}(\alpha) = \{ x + \alpha y : x, y \in \mathbb{R},\ \alpha^2 = -1 \}.
\]
It is clear that this field is $\mathbb{R}$-isomorphic to the complex numbers $\mathbb{C}$; $\mathbb{R}(\alpha) \cong \mathbb{R}(i) = \mathbb{C}$.


Theorem 7.1.4. Let $p(x) \in K[x]$ be an irreducible polynomial, and let $K' = K(\alpha)$ be the extension field of $K$ constructed in Kronecker's theorem, in which $p(x)$ has a zero $\alpha$. Let $L$ be an extension field of $K$, and suppose that $a \in L$ is algebraic with minimal polynomial $m_a(x) = p(x)$. Then $K(\alpha)$ is $K$-isomorphic to $K(a)$.

Proof. If $L|K$ is a field extension and $a \in L$ with $p(a) = 0$ and if $\deg(p(x)) = n$, then the elements $1, a, \ldots, a^{n-1}$ constitute a basis for $K(a)$ over $K$, and the elements $1, \alpha, \ldots, \alpha^{n-1}$ constitute a basis for $K(\alpha)$ over $K$. The mapping
\[
\tau : K(\alpha) \to K(a)
\]
defined by $\tau(k) = k$ if $k \in K$ and $\tau(\alpha) = a$, and then extended by linearity, is easily shown to be a $K$-isomorphism.


Theorem 7.1.5. Let $K$ be a field. Then the following are equivalent:

(1) Each nonconstant polynomial in $K[x]$ has a zero in $K$.

(2) Each nonconstant polynomial in $K[x]$ factors into linear factors over $K$. That is, for each $f(x) \in K[x]$, there exist elements $a_1, \dots, a_n, b \in K$ with

$$f(x) = b(x - a_1) \cdots (x - a_n).$$

(3) An element of $K[x]$ is irreducible if and only if it is of degree one.

(4) If $L|K$ is an algebraic extension, then $L = K$.


Proof. Suppose that each nonconstant polynomial in $K[x]$ has a zero in $K$. Let $f(x) \in K[x]$ with $\deg(f(x)) = n$. Suppose that $a_1$ is a zero of $f(x)$; then

$$f(x) = (x - a_1)h(x),$$

where the degree of $h(x)$ is $n - 1$. Now $h(x)$ has a zero $a_2$ in $K$ so that

$$f(x) = (x - a_1)(x - a_2)g(x)$$

with $\deg(g(x)) = n - 2$. Continue in this manner, and $f(x)$ factors completely into linear factors. Hence, (1) implies (2).

Now suppose (2); that is, that each nonconstant polynomial in $K[x]$ factors into linear factors over $K$. Suppose that $f(x)$ is irreducible. If $\deg(f(x)) > 1$, then $f(x)$ factors into linear factors and, hence, is not irreducible. Therefore, $f(x)$ must be of degree 1, and (2) implies (3).

Now suppose that an element of $K[x]$ is irreducible if and only if it is of degree one, and suppose that $L|K$ is an algebraic extension. Let $a \in L$. Then $a$ is algebraic over $K$. Its minimal polynomial $m_a(x)$ is monic and irreducible over $K$ and, hence, from (3), is linear. Therefore, $m_a(x) = x - a \in K[x]$. It follows that $a \in K$ and, hence, $K = L$. Therefore, (3) implies (4).

Finally, suppose that whenever $L|K$ is an algebraic extension, then $L = K$. Suppose that $f(x)$ is a nonconstant polynomial in $K[x]$. From Kronecker's theorem, there exists a field extension $L$, and $a \in L$ with $f(a) = 0$. However, $L$ is an algebraic extension. Therefore, by supposition, $K = L$. Therefore, $a \in K$, and $f(x)$ has a zero in $K$. Therefore, (4) implies (1), completing the proof.


In the next section, we will prove that given a field $K$, we can always find an extension field $\overline{K}$ with the properties of the last theorem.


7.2 Algebraic Closures and Algebraically Closed Fields 


A field K is termed algebraically closed if K has no algebraic extensions other than K 
itself. This is equivalent to any one of the conditions of Theorem 7.1.5. 


Definition 7.2.1. A field $K$ is algebraically closed if every nonconstant polynomial $f(x) \in K[x]$ has a zero in $K$.


The following theorem is just a restatement of Theorem 7.1.5. 


Theorem 7.2.2. A field $K$ is algebraically closed if and only if it satisfies any one of the following conditions:

(1) Each nonconstant polynomial in $K[x]$ has a zero in $K$.

(2) Each nonconstant polynomial in $K[x]$ factors into linear factors over $K$. That is, for each $f(x) \in K[x]$, there exist elements $a_1, \dots, a_n, b \in K$ with

$$f(x) = b(x - a_1) \cdots (x - a_n).$$

(3) An element of $K[x]$ is irreducible if and only if it is of degree one.

(4) If $L|K$ is an algebraic extension, then $L = K$.


The prime example of an algebraically closed field is the field C of complex num- 
bers. The fundamental theorem of algebra says that any nonconstant complex polyno- 
mial has a complex zero. 
We now show that the algebraic closure of one field within an algebraically closed field is algebraically closed. First, we define a general algebraic closure.


Definition 7.2.3. An extension field $\overline{K}$ of a field $K$ is an algebraic closure of $K$ if $\overline{K}$ is algebraically closed and $\overline{K}|K$ is algebraic.


Theorem 7.2.4. Let $K$ be a field and $L|K$ an extension of $K$ with $L$ algebraically closed. Let $\overline{K} = A_K$ be the algebraic closure of $K$ within $L$. Then $\overline{K}$ is an algebraic closure of $K$.


Proof. Let $\overline{K} = A_K$ be the algebraic closure of $K$ within $L$. We know that $\overline{K}|K$ is algebraic. Therefore, we must show that $\overline{K}$ is algebraically closed.

Let $f(x)$ be a nonconstant polynomial in $\overline{K}[x]$. Then $f(x) \in L[x]$. Since $L$ is algebraically closed, $f(x)$ has a zero $a$ in $L$. Since $f(a) = 0$ and $f(x) \in \overline{K}[x]$, it follows that $a$ is algebraic over $\overline{K}$. However, $\overline{K}$ is algebraic over $K$. Therefore, $a$ is also algebraic over $K$. Hence, $a \in \overline{K}$, and $f(x)$ has a zero in $\overline{K}$. Therefore, $\overline{K}$ is algebraically closed.


We want to note the distinction between being algebraically closed and being an 
algebraic closure. 


Lemma 7.2.5. The complex numbers $\mathbb{C}$ are an algebraic closure of $\mathbb{R}$, but not an algebraic closure of $\mathbb{Q}$. An algebraic closure of $\mathbb{Q}$ is $\mathcal{A}$, the field of algebraic numbers within $\mathbb{C}$.


Proof: $\mathbb{C}$ is algebraically closed (the fundamental theorem of algebra), and since $|\mathbb{C} : \mathbb{R}| = 2$, it is algebraic over $\mathbb{R}$. Therefore, $\mathbb{C}$ is an algebraic closure of $\mathbb{R}$. Although $\mathbb{C}$ is algebraically closed and contains the rational numbers $\mathbb{Q}$, it is not an algebraic closure of $\mathbb{Q}$ since it is not algebraic over $\mathbb{Q}$, as there exist transcendental elements.

On the other hand, $\mathcal{A}$, the field of algebraic numbers within $\mathbb{C}$, is an algebraic closure of $\mathbb{Q}$ from Theorem 7.2.4.


We now show that every field has an algebraic closure. To do this, we first show that 
any field can be embedded into an algebraically closed field. 


Theorem 7.2.6. Let K be a field. Then K can be embedded into an algebraically closed 
field. 


Proof. We show first that there is an extension field $L$ of $K$, in which each nonconstant polynomial $f(x) \in K[x]$ has a zero in $L$.

Assign to each nonconstant $f(x) \in K[x]$ the symbol $y_f$, and consider

$$R = K[y_f : f(x) \in K[x]],$$

the polynomial ring over $K$ in the variables $y_f$. Let

$$I = \Big\{ \sum_{f} g_f\, f(y_f) : g_f \in R,\ f(x) \in K[x] \Big\}.$$

It is straightforward that $I$ is an ideal in $R$. Suppose that $I = R$. Then $1 \in I$. Hence, there is a linear combination

$$1 = g_1 f_1(y_{f_1}) + \cdots + g_n f_n(y_{f_n}),$$

where $g_i \in I = R$.

In the $n$ polynomials $g_1, \dots, g_n$, there are only a finite number of variables, say for example,

$$y_{f_1}, \dots, y_{f_m}.$$

Hence,

$$1 = \sum_{i=1}^{n} g_i(y_{f_1}, \dots, y_{f_m})\, f_i(y_{f_i}). \qquad (*)$$

Successive applications of Kronecker's theorem lead us to construct an extension field $P$ of $K$, in which each $f_i$ has a zero $a_i$. Substituting $a_i$ for $y_{f_i}$ in $(*)$ above, we get that $1 = 0$, a contradiction. Therefore, $I \ne R$.

Since $I$ is an ideal not equal to the whole ring $R$, it follows that $I$ is contained in a maximal ideal $M$ of $R$. Set $L = R/M$. Since $M$ is maximal, $L$ is a field. Now $K \cap M = \{0\}$. If not, suppose that $a \in K \cap M$ with $a \ne 0$. Then $a^{-1}a = 1 \in M$, and then $M = R$. Now define $\tau : K \to L$ by $\tau(k) = k + M$. Since $K \cap M = \{0\}$, it follows that $\ker(\tau) = \{0\}$. Therefore, $\tau$ is a monomorphism. This allows us to identify $K$ and $\tau(K)$, and shows that $K$ embeds into $L$.

Now suppose that $f(x)$ is a nonconstant polynomial in $K[x]$. Then

$$f(y_f + M) = f(y_f) + M.$$

However, by the construction $f(y_f) \in M$, so that

$$f(y_f + M) = M = \text{the zero element of } L.$$

Therefore, $y_f + M$ is a zero of $f(x)$.

Therefore, we have constructed a field $L$, in which every nonconstant polynomial in $K[x]$ has a zero in $L$.

We now iterate this procedure to form a chain of fields

$$K \subset K_1 \,(= L) \subset K_2 \subset \cdots$$

such that each nonconstant polynomial of $K_i[x]$ has a zero in $K_{i+1}$.

Now let $\overline{K} = \bigcup_i K_i$. It is easy to show (see exercises) that $\overline{K}$ is a field. If $f(x)$ is a nonconstant polynomial in $\overline{K}[x]$, then there is some $i$ with $f(x) \in K_i[x]$. Therefore, $f(x)$ has a zero in $K_{i+1} \subset \overline{K}$. Hence, $f(x)$ has a zero in $\overline{K}$, and $\overline{K}$ is algebraically closed.
Theorem 7.2.7. Let $K$ be a field. Then $K$ has an algebraic closure.


Proof. Let $\widehat{K}$ be an algebraically closed field containing $K$, which exists from Theorem 7.2.6. Now let $\overline{K} = A_K$ be the set of elements of $\widehat{K}$ that are algebraic over $K$. From Theorem 7.2.4, $\overline{K}$ is an algebraic closure of $K$.


The following lemma is straightforward. We leave the proof to the exercises. 


Lemma 7.2.8. Let $K, K'$ be fields and $\varphi : K \to K'$ a homomorphism. Then

$$\bar{\varphi} : K[x] \to K'[x], \quad \text{given by} \quad \bar{\varphi}\Big(\sum_{i=0}^{n} k_i x^i\Big) = \sum_{i=0}^{n} \varphi(k_i) x^i,$$

is also a homomorphism. By convention, we identify $\varphi$ and $\bar{\varphi}$ and write $\varphi = \bar{\varphi}$. If $\varphi$ is an isomorphism, then so is $\bar{\varphi}$.


Lemma 7.2.9. Let $K, K'$ be fields and $\varphi : K \to K'$ an isomorphism. Let $f(x) \in K[x]$ be irreducible. Let $K \subset K(a)$ and $K' \subset K'(a')$, where $a$ is a zero of $f(x)$ and $a'$ is a zero of $\varphi(f(x))$. Then there is an isomorphism $\psi : K(a) \to K'(a')$ with $\psi|_K = \varphi$ and $\psi(a) = a'$. Furthermore, $\psi$ is uniquely determined.


Proof. This is a generalized version of Theorem 7.1.4. If $b \in K(a)$, then from the construction of $K(a)$, there is a polynomial $g(x) \in K[x]$ with $b = g(a)$. Define a map

$$\psi : K(a) \to K'(a')$$

by

$$\psi(b) = \varphi(g(x))(a').$$

We show that $\psi$ is an isomorphism.

First, $\psi$ is well defined. Suppose that $b = g(a) = h(a)$ with $h(x) \in K[x]$. Then $(g - h)(a) = 0$. Since $f(x)$ is irreducible, this implies that $f(x) = c\, m_a(x)$, and since $a$ is a zero of $(g - h)(x)$, then $f(x) \mid (g - h)(x)$. Then

$$\varphi(f(x)) \mid \big(\varphi(g(x)) - \varphi(h(x))\big).$$

Since $\varphi(f(x))(a') = 0$, this implies that $\varphi(g(x))(a') = \varphi(h(x))(a')$; hence, the map $\psi$ is well defined.

It is easy to show that $\psi$ is a homomorphism. Let $b_1 = g_1(a)$, $b_2 = g_2(a)$. Then $b_1 b_2 = g_1 g_2(a)$. Hence,

$$\psi(b_1 b_2) = (\varphi(g_1 g_2))(a') = \varphi(g_1)(a')\,\varphi(g_2)(a') = \psi(b_1)\psi(b_2).$$

In the same manner, we have $\psi(b_1 + b_2) = \psi(b_1) + \psi(b_2)$. Now suppose that $k \in K$ so that $k \in K[x]$ is a constant polynomial. Then $\psi(k) = (\varphi(k))(a') = \varphi(k)$. Therefore, $\psi$ restricted to $K$ is precisely $\varphi$. As $\psi$ is not the zero mapping, it follows that $\psi$ is a monomorphism.

Finally, since $K(a)$ is generated from $K$ and $a$, and $\psi$ restricted to $K$ is $\varphi$, it follows that $\psi$ is uniquely determined by $\varphi$ and $\psi(a) = a'$. Hence, $\psi$ is unique.


Theorem 7.2.10. Let $L|K$ be an algebraic extension. Suppose that $L_1$ is an algebraically closed field and $\varphi$ is an isomorphism from $K$ to $K_1 \subset L_1$. Then there exists a monomorphism $\psi$ from $L$ to $L_1$ with $\psi|_K = \varphi$.

Before we give the proof, we note that the theorem gives the following diagram:

              ψ
      L  -------->  L_1   (algebraically closed)
      |
      | algebraic
      |
      K  -------->  K_1 = φ(K)
              φ

In particular, the theorem can be applied to monomorphisms of a field $K$ within an algebraic closure $\overline{K}$ of $K$. Specifically, suppose that $K \subset \overline{K}$, where $\overline{K}$ is an algebraic closure of $K$, and let $\alpha : K \to \overline{K}$ be a monomorphism with $\alpha(K) = K$. Then there exists an automorphism $\alpha^*$ of $\overline{K}$ with $\alpha^*|_K = \alpha$.


Proof of Theorem 7.2.10. Consider the set

$$\mathcal{M} = \{(M, \tau) : M \text{ is a field with } K \subset M \subset L, \text{ where there exists a monomorphism } \tau : M \to L_1 \text{ with } \tau|_K = \varphi\}.$$

Now the set $\mathcal{M}$ is nonempty since $(K, \varphi) \in \mathcal{M}$. Order $\mathcal{M}$ by $(M_1, \tau_1) \le (M_2, \tau_2)$ if $M_1 \subset M_2$ and $\tau_2|_{M_1} = \tau_1$. Let

$$\mathcal{K} = \{(M_i, \tau_i) : i \in I\}$$

be a chain in $\mathcal{M}$. Let $(M, \tau)$ be defined by

$$M = \bigcup_{i \in I} M_i \quad \text{with } \tau(a) = \tau_i(a) \text{ for all } a \in M_i.$$

It is clear that $(M, \tau)$ is an upper bound for the chain $\mathcal{K}$. Since each chain has an upper bound, it follows from Zorn's lemma that $\mathcal{M}$ has a maximal element $(N, \rho)$. We show that $N = L$.

Suppose that $N \ne L$. Let $a \in L \setminus N$. Then $a$ is algebraic over $N$ and further algebraic over $K$, since $L|K$ is algebraic. Let $m_a(x) \in N[x]$ be the minimal polynomial of $a$ relative to $N$. Since $L_1$ is algebraically closed, $\rho(m_a(x))$ has a zero $a' \in L_1$. Therefore, there is a monomorphism $\rho' : N(a) \to L_1$ with $\rho'$ restricted to $N$ the same as $\rho$. It follows that $(N, \rho) < (N(a), \rho')$ since $a \notin N$. This contradicts the maximality of $N$. Therefore, $N = L$, completing the proof.
Combining the previous two theorems, we can now prove that any two algebraic closures of a field $K$ are unique up to $K$-isomorphism; that is, up to an isomorphism that is the identity on $K$.


Theorem 7.2.11. Let $L_1$ and $L_2$ be algebraic closures of the field $K$. Then there is a $K$-isomorphism $\tau : L_1 \to L_2$. Again, by $K$-isomorphism, we mean that $\tau$ is the identity on $K$.


Proof: From Theorem 7.2.7, there is a monomorphism $\tau : L_1 \to L_2$ with $\tau$ the identity on $K$. However, since $L_1$ is algebraically closed, so is $\tau(L_1)$. Then $L_2|\tau(L_1)$ is an algebraic extension. Therefore, since $\tau(L_1)$ is algebraically closed, we must have $L_2 = \tau(L_1)$. Therefore, $\tau$ is also surjective and, hence, an isomorphism.


The following corollary is immediate.


Corollary 7.2.12. Let $L|K$ and $L'|K$ be field extensions with $a \in L$ and $a' \in L'$ algebraic elements over $K$. Then $K(a)$ is $K$-isomorphic to $K(a')$ if and only if $|K(a) : K| = |K(a') : K|$, and there is an element $a'' \in K(a')$ with $m_a(x) = m_{a''}(x)$.


7.3 The Fundamental Theorem of Algebra 


The fundamental theorem of algebra is one of the most important algebraic results. This 
says that any nonconstant complex polynomial must have a complex zero. In the lan- 
guage of field extensions, this says that the field of complex numbers C is algebraically 
closed. There are many distinct and completely different proofs of this result. In [7], 
twelve proofs were given covering a wide area of mathematics. In this section we pro- 
vide an elementary proof of the fundamental theorem of algebra. Before doing this, we 
briefly mention some of the history surrounding this theorem. 

The first mention of the fundamental theorem of algebra, in the form that every 
polynomial equation of degree n has exactly n zeros, was given by Peter Roth of Nurn- 
berg in 1608. However, its conjecture is generally credited to Girard, who also stated 
the result in 1629. It was then more clearly stated in 1637 by Descartes, who also distin- 
guished between real and imaginary zeros. The first published proof of the fundamental 
theorem of algebra was then given by D’Alembert in 1746. However, there were gaps in 
D’Alembert’s proof, and the first fully accepted proof was that given by Gauss in 1797 in 
his Ph. D. thesis. This was published in 1799. Interestingly enough, in reviewing Gauss’ 
original proof, modern scholars tend to agree that there are as many holes in this proof 
as in D’Alembert’s proof. Gauss, however, published three other proofs with no such 
holes. He published second and third proofs in 1816, while his final proof, which was 
essentially another version of the first, was presented in 1849. 

First, we need the concept of a splitting field for a polynomial. 
7.3.1 Splitting Fields


We have just seen that given an irreducible polynomial over a field $K$, we could always find a field extension, in which this polynomial has a zero. We now push this further to obtain field extensions, where a given polynomial has all its zeros.


Definition 7.3.1. If $K$ is a field and $0 \ne f(x) \in K[x]$, and $K'$ is an extension field of $K$, then $f(x)$ splits in $K'$ ($K'$ may be $K$), if $f(x)$ factors into linear factors in $K'[x]$. Equivalently, this means that all the zeros of $f(x)$ are in $K'$.

$K'$ is a splitting field for $f(x)$ over $K$ if $K'$ is the smallest extension field of $K$, in which $f(x)$ splits. (A splitting field for $f(x)$ is the smallest extension field, in which $f(x)$ has all its possible zeros.)

$K'$ is a splitting field over $K$ if it is the splitting field for some finite set of polynomials over $K$.


Theorem 7.3.2. If $K$ is a field and $0 \ne f(x) \in K[x]$, then there exists a splitting field for $f(x)$ over $K$.


Proof. The splitting field is constructed by repeated adjoining of zeros. Suppose, without loss of generality, that $f(x)$ is irreducible of degree $n$ over $K$. From Theorem 7.1.2, there exists a field $K'$ containing $\alpha$ with $f(\alpha) = 0$. Then $f(x) = (x - \alpha)g(x) \in K'[x]$ with $\deg g(x) = n - 1$. By an inductive argument, $g(x)$ has a splitting field; therefore, so does $f(x)$.


7.3.2 Permutations and Symmetric Polynomials 


To obtain a proof of the fundamental theorem of algebra, we need to go a bit outside 
of our main discussions of rings and fields and introduce symmetric polynomials. To 
introduce this concept, we first review some basic ideas from elementary group theory, 
which we will look at in detail later in the book. 


Definition 7.3.3. A group $G$ is a set with one binary operation, which we will denote by multiplication, such that the following hold:

(1) The operation is associative; that is, $(g_1 g_2) g_3 = g_1 (g_2 g_3)$ for all $g_1, g_2, g_3 \in G$.

(2) There exists an identity for this operation; that is, an element $1$ such that $1g = g$ for each $g \in G$.

(3) Each $g \in G$ has an inverse for this operation; that is, for each $g$, there exists a $g^{-1}$ with the property that $gg^{-1} = 1$.


If in addition the operation is commutative ($g_1 g_2 = g_2 g_1$ for all $g_1, g_2 \in G$), the group $G$ is called an Abelian group. The order of $G$ is the number of elements in $G$, denoted $|G|$. If $|G| < \infty$, $G$ is a finite group. $H \subset G$ is a subgroup if $H$ is also a group under the same operation as $G$. Equivalently, $H$ is a subgroup if $H \ne \emptyset$, and $H$ is closed under the operation and inverses.
Groups most often arise from invertible mappings of a set onto itself. Such mappings are called permutations.


Definition 7.3.4. If $T$ is a set, a permutation on $T$ is a one-to-one mapping of $T$ onto itself. We denote the set of all permutations on $T$ by $S_T$.


Theorem 7.3.5. For any set $T$, $S_T$ forms a group under composition called the symmetric group on $T$. If $T, T_1$ have the same cardinality (size), then $S_T \cong S_{T_1}$. If $T$ is a finite set with $|T| = n$, then $S_T$ is a finite group, and $|S_T| = n!$.


Proof. If $S_T$ is the set of all permutations on the set $T$, we must show that composition is an operation on $S_T$ that is associative and has an identity and inverses.

Let $f, g \in S_T$. Then $f, g$ are one-to-one mappings of $T$ onto itself.

Consider $f \circ g : T \to T$. If $f \circ g(t_1) = f \circ g(t_2)$, then $f(g(t_1)) = f(g(t_2))$, and $g(t_1) = g(t_2)$, since $f$ is one-to-one. But then $t_1 = t_2$ since $g$ is one-to-one.

If $t \in T$, there exists $t_1 \in T$ with $f(t_1) = t$ since $f$ is onto. Then there exists $t_2 \in T$ with $g(t_2) = t_1$ since $g$ is onto. Putting these together, $f(g(t_2)) = t$; therefore, $f \circ g$ is onto. Therefore, $f \circ g$ is also a permutation, and composition gives a valid binary operation on $S_T$.

The identity function $1(t) = t$ for all $t \in T$ will serve as the identity for $S_T$, whereas the inverse function for each permutation will be the inverse. Such unique inverse functions exist since each permutation is a bijection.

Finally, composition of functions is always associative; therefore, $S_T$ forms a group.

If $T, T_1$ have the same cardinality, then there exists a bijection $\sigma : T \to T_1$. Define a map $F : S_T \to S_{T_1}$ in the following manner: if $f \in S_T$, let $F(f)$ be the permutation on $T_1$ given by $F(f)(t_1) = \sigma(f(\sigma^{-1}(t_1)))$. It is straightforward to verify that $F$ is an isomorphism (see the exercises).

Finally, suppose $|T| = n < \infty$. Then $T = \{t_1, \dots, t_n\}$. Each $f \in S_T$ can be pictured as

$$f = \begin{pmatrix} t_1 & \cdots & t_n \\ f(t_1) & \cdots & f(t_n) \end{pmatrix}.$$

For $t_1$, there are $n$ choices for $f(t_1)$. For $t_2$, there are only $n - 1$ choices since $f$ is one-to-one. This continues down to only one choice for $t_n$. Using the multiplication principle, the number of choices for $f$ and, therefore, the size of $S_T$ is

$$n(n-1) \cdots 1 = n!.$$


For a set with $n$ elements, we denote $S_T$ by $S_n$, called the symmetric group on $n$ symbols.


Example 7.3.6. Write down the six elements of $S_3$ and give the multiplication table for the group.

Name the three elements $1, 2, 3$ of $T$. The six elements of $S_3$ are then:

$$1 = \begin{pmatrix} 1 & 2 & 3 \\ 1 & 2 & 3 \end{pmatrix},\quad a = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 3 & 1 \end{pmatrix},\quad b = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 1 & 2 \end{pmatrix},$$

$$c = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix},\quad d = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 2 & 1 \end{pmatrix},\quad e = \begin{pmatrix} 1 & 2 & 3 \\ 1 & 3 & 2 \end{pmatrix}.$$


The multiplication table for $S_3$ can be written down directly by doing the required composition. For example,

$$ac = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 3 & 1 \end{pmatrix}\begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix} = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 2 & 1 \end{pmatrix} = d.$$

To see this, note that $a : 1 \to 2,\ 2 \to 3,\ 3 \to 1$; $c : 1 \to 2,\ 2 \to 1,\ 3 \to 3$, and so $ac : 1 \to 3,\ 2 \to 2,\ 3 \to 1$.

It is somewhat easier to construct the multiplication table if we make some observations. First, $a^2 = b$, and $a^3 = 1$. Next, $c^2 = 1$, $d = ac$, $e = a^2 c$ and, finally, $ac = ca^2$.

From these relations, the following multiplication table can be constructed:

            |  1     a     a^2   c     ac    a^2c
      ------+--------------------------------------
       1    |  1     a     a^2   c     ac    a^2c
       a    |  a     a^2   1     ac    a^2c  c
       a^2  |  a^2   1     a     a^2c  c     ac
       c    |  c     a^2c  ac    1     a^2   a
       ac   |  ac    c     a^2c  a     1     a^2
       a^2c |  a^2c  ac    c     a^2   a     1

To see this, consider, for example, $(ac)a^2 = a(ca^2) = a(ac) = a^2 c$.

More generally, we can say that $S_3$ has a presentation given by

$$S_3 = \langle a, c ;\ a^3 = c^2 = 1,\ ac = ca^2 \rangle.$$

By this, we mean that $S_3$ is generated by $a, c$, or that $S_3$ has generators $a, c$. Thus, the whole group and its multiplication table can be generated by using the relations $a^3 = c^2 = 1$, $ac = ca^2$.
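The composition in Example 7.3.6 can be carried out mechanically. The following is an added example, not from the book: permutations of $\{1,2,3\}$ are stored as tuples of images, the product $ac$ means "apply $c$ first, then $a$" exactly as in the text, and the multiplication table and the relations $a^3 = c^2 = 1$, $ac = ca^2$ are checked by direct composition rather than copied from the table above.

```python
# Permutations of T = {1, 2, 3} as tuples (f(1), f(2), f(3)); composition is
# right to left, so compose(a, c) is the text's product ac (c first, then a).
IDENTITY = (1, 2, 3)
A = (2, 3, 1)   # a: 1 -> 2, 2 -> 3, 3 -> 1
C = (2, 1, 3)   # c: 1 -> 2, 2 -> 1, 3 -> 3


def compose(p, q):
    """p∘q: the permutation t -> p(q(t))."""
    return tuple(p[q[t] - 1] for t in range(len(q)))


def power(p, k):
    """p composed with itself k times; k = 0 gives the identity."""
    result = tuple(range(1, len(p) + 1))
    for _ in range(k):
        result = compose(result, p)
    return result


def generate(gens):
    """Closure of the generators under composition: the subgroup they generate."""
    n = len(gens[0])
    group = {tuple(range(1, n + 1))}
    frontier = list(group)
    while frontier:
        g = frontier.pop()
        for s in gens:
            h = compose(g, s)
            if h not in group:
                group.add(h)
                frontier.append(h)
    return group


def s3_elements():
    """The six elements of S_3 written as words in a and c, as in the text."""
    return {
        "1": IDENTITY,
        "a": A,
        "a^2": power(A, 2),
        "c": C,
        "ac": compose(A, C),
        "a^2c": compose(power(A, 2), C),
    }


def multiplication_table():
    """table[row][col] is the word for the product row*col, found by composing."""
    elems = s3_elements()
    word_of = {perm: word for word, perm in elems.items()}
    return {r: {c: word_of[compose(elems[r], elems[c])] for c in elems}
            for r in elems}


def relations_hold():
    """a^3 = c^2 = 1, ac = ca^2, and the identities a^2 = b, d = ac, e = a^2 c."""
    b, d, e = (3, 1, 2), (3, 2, 1), (1, 3, 2)
    return (power(A, 3) == IDENTITY and compose(C, C) == IDENTITY
            and compose(A, C) == compose(C, power(A, 2))
            and power(A, 2) == b and compose(A, C) == d
            and compose(power(A, 2), C) == e)


if __name__ == "__main__":
    assert len(generate([A, C])) == 6          # a and c generate all of S_3
    table = multiplication_table()
    for row, products in table.items():
        print(f"{row:>4} | " + " ".join(f"{products[col]:>4}" for col in products))
```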


An important result, the form of which we will see later in our work on extension 
fields, is the following: 


Lemma 7.3.7. Let $T$ be a set and $T_1 \subset T$ a subset. Let $H$ be the subset of $S_T$ that fixes each element of $T_1$; that is, $f \in H$ if $f(t) = t$ for all $t \in T_1$. Then $H$ is a subgroup.


Proof: We have $H \ne \emptyset$ since $1 \in H$. Now suppose $h_1, h_2 \in H$. Let $t_1 \in T_1$, and consider $h_1 \circ h_2(t_1) = h_1(h_2(t_1))$. Now $h_2(t_1) = t_1$ since $h_2 \in H$, but then $h_1(t_1) = t_1$ since $h_1 \in H$. Therefore, $h_1 \circ h_2 \in H$, and $H$ is closed under composition. If $h_1$ fixes $t_1$, then $h_1^{-1}$ also fixes $t_1$. Thus, $H$ is also closed under inverses and is, therefore, a subgroup.
We now apply these ideas of permutations to certain polynomial rings in independent indeterminates over a field. We will look at these in detail in Chapter 11.


Definition 7.3.8. Let $y_1, \dots, y_n$ be (independent) indeterminates over a field $K$. A polynomial $f(y_1, \dots, y_n) \in K[y_1, \dots, y_n]$ is a symmetric polynomial in $y_1, \dots, y_n$ if $f(y_1, \dots, y_n)$ is unchanged by any permutation $\sigma$ of $\{y_1, \dots, y_n\}$: $f(y_1, \dots, y_n) = f(\sigma(y_1), \dots, \sigma(y_n))$.

If $K \subset K'$ are fields and $a_1, \dots, a_n$ are in $K'$, then we call a polynomial $f(a_1, \dots, a_n)$ with coefficients in $K$ symmetric in $a_1, \dots, a_n$ if $f(a_1, \dots, a_n)$ is unchanged by any permutation $\sigma$ of $\{a_1, \dots, a_n\}$.


Example 7.3.9. Let $K$ be a field and $k_0, k_1 \in K$. Let $h(y_1, y_2) = k_0(y_1 + y_2) + k_1(y_1 y_2)$. There are two permutations on $\{y_1, y_2\}$, namely, $\sigma_1 : y_1 \to y_1,\ y_2 \to y_2$ and $\sigma_2 : y_1 \to y_2,\ y_2 \to y_1$. Applying either one of these two to $\{y_1, y_2\}$ leaves $h(y_1, y_2)$ invariant. Therefore, $h(y_1, y_2)$ is a symmetric polynomial.


Definition 7.3.10. Let $x, y_1, \dots, y_n$ be indeterminates over a field $K$ (or elements of an extension field $K'$ of $K$). Form the polynomial $p(x, y_1, \dots, y_n) = (x - y_1) \cdots (x - y_n)$. The $i$-th elementary symmetric polynomial $s_i$ in $y_1, \dots, y_n$, for $i = 1, \dots, n$, is $(-1)^i a_i$, where $a_i$ is the coefficient of $x^{n-i}$ in $p(x, y_1, \dots, y_n)$.


Example 7.3.11. Consider $y_1, y_2, y_3$. Then

$$p(x, y_1, y_2, y_3) = (x - y_1)(x - y_2)(x - y_3) = x^3 - (y_1 + y_2 + y_3)x^2 + (y_1 y_2 + y_1 y_3 + y_2 y_3)x - y_1 y_2 y_3.$$

Therefore, the three elementary symmetric polynomials in $y_1, y_2, y_3$ over any field are

(1) $s_1 = y_1 + y_2 + y_3$.
(2) $s_2 = y_1 y_2 + y_1 y_3 + y_2 y_3$.
(3) $s_3 = y_1 y_2 y_3$.

In general, the pattern of the last example holds for $y_1, \dots, y_n$. That is,

$$s_1 = y_1 + y_2 + \cdots + y_n$$
$$s_2 = y_1 y_2 + y_1 y_3 + \cdots + y_{n-1} y_n$$
$$s_3 = y_1 y_2 y_3 + y_1 y_2 y_4 + \cdots + y_{n-2} y_{n-1} y_n$$
$$\vdots$$
$$s_n = y_1 \cdots y_n.$$


The importance of the elementary symmetric polynomials is that any symmetric 
polynomial can be built up from the elementary symmetric polynomials. We make this 
precise in the next theorem called the fundamental theorem of symmetric polynomials. 
We will use this important result several times, and we will give a complete proof in 
Section 7.4. 
Theorem 7.3.12 (Fundamental theorem of symmetric polynomials). If $P$ is a symmetric polynomial in the indeterminates $y_1, \dots, y_n$ over a field $K$; that is, $P \in K[y_1, \dots, y_n]$ and $P$ is symmetric, then there exists a unique $g \in K[y_1, \dots, y_n]$ with $P(y_1, \dots, y_n) = g(s_1, \dots, s_n)$. That is, any symmetric polynomial in $y_1, \dots, y_n$ is a polynomial expression in the elementary symmetric polynomials in $y_1, \dots, y_n$.


From this theorem, we obtain the following two lemmas, which will be crucial in 
our proof of the fundamental theorem of algebra. 


Lemma 7.3.13. Let $p(x) \in K[x]$, and suppose $p(x)$ has the zeros $a_1, \dots, a_n$ in the splitting field $K'$. Then the elementary symmetric polynomials in $a_1, \dots, a_n$ are in $K$.


Proof. Suppose $p(x) = c_0 + c_1 x + \cdots + c_n x^n \in K[x]$. Since $p(x)$ splits in $K'[x]$, with zeros $a_1, \dots, a_n$, we have that, in $K'[x]$,

$$p(x) = c_n (x - a_1) \cdots (x - a_n).$$

The coefficients are then $c_n (-1)^i s_i(a_1, \dots, a_n)$, where the $s_i(a_1, \dots, a_n)$ are the elementary symmetric polynomials in $a_1, \dots, a_n$. However, $p(x) \in K[x]$, so each coefficient is in $K$. It follows then that for each $i$, $c_n (-1)^i s_i(a_1, \dots, a_n) \in K$; hence, $s_i(a_1, \dots, a_n) \in K$ since $c_n \in K$.


Lemma 7.3.14. Let $p(x) \in K[x]$, and suppose $p(x)$ has the zeros $a_1, \dots, a_n$ in the splitting field $K'$. Suppose further that $g(x) = g(x, a_1, \dots, a_n) \in K'[x]$. If $g(x)$ is a symmetric polynomial in $a_1, \dots, a_n$, then $g(x) \in K[x]$.


Proof: If $g(x) = g(x, a_1, \dots, a_n)$ is symmetric in $a_1, \dots, a_n$, then from Theorem 7.3.12, it is a polynomial in the elementary symmetric polynomials in $a_1, \dots, a_n$. From Lemma 7.3.13, these are in the ground field $K$, so the coefficients of $g(x)$ are in $K$. Therefore, $g(x) \in K[x]$.


We now present a proof of the fundamental theorem of algebra. 


Theorem 7.3.15 (Fundamental theorem of algebra). Any nonconstant complex polyno- 
mial has a complex zero. In other words, the complex number field C is algebraically 
closed. 


The proof depends on the following sequence of lemmas. The crucial one now is the 
last, which says that any real polynomial must have a complex zero. 


Lemma 7.3.16. Any odd-degree real polynomial must have a real zero.


Proof. This is a consequence of the intermediate value theorem from analysis.

Suppose $P(x) \in \mathbb{R}[x]$ with $\deg P(x) = n = 2k + 1$, and suppose the leading coefficient $a_n > 0$ (the proof is almost identical if $a_n < 0$). Then

$$P(x) = a_n x^n + (\text{lower terms}),$$

and $n$ is odd. Then,

(1) $\lim_{x \to \infty} P(x) = \lim_{x \to \infty} a_n x^n = \infty$ since $a_n > 0$.

(2) $\lim_{x \to -\infty} P(x) = \lim_{x \to -\infty} a_n x^n = -\infty$ since $a_n > 0$ and $n$ is odd.

From (1), $P(x)$ gets arbitrarily large positively, so there exists an $x_1$ with $P(x_1) > 0$. Similarly, from (2) there exists an $x_2$ with $P(x_2) < 0$.

A real polynomial is a continuous real-valued function for all $x \in \mathbb{R}$. Since $P(x_1)P(x_2) < 0$, it follows from the intermediate value theorem that there exists an $x_3$, between $x_1$ and $x_2$, such that $P(x_3) = 0$.


Lemma 7.3.17. Any degree-two complex polynomial must have a complex zero.


Proof. This is a consequence of the quadratic formula and of the fact that any complex number has a square root.

If $P(x) = ax^2 + bx + c$, $a \ne 0$, then the zeros formally are

$$x_1 = \frac{-b + \sqrt{b^2 - 4ac}}{2a}, \qquad x_2 = \frac{-b - \sqrt{b^2 - 4ac}}{2a}.$$

From DeMoivre's theorem, every complex number has a square root; hence, $x_1, x_2$ exist in $\mathbb{C}$. They of course are the same if $b^2 - 4ac = 0$.


To go further, we need the concept of the conjugate of a polynomial and some 
straightforward consequences of this idea. 


Definition 7.3.18. If $P(x) = a_0 + \cdots + a_n x^n$ is a complex polynomial, then its conjugate is the polynomial $\overline{P}(x) = \overline{a_0} + \cdots + \overline{a_n} x^n$. That is, the conjugate is the polynomial whose coefficients are the complex conjugates of those of $P(x)$.


Lemma 7.3.19. For any $P(x) \in \mathbb{C}[x]$, we have the following:

(1) $\overline{P}(\bar{z}) = \overline{P(z)}$ if $z \in \mathbb{C}$.

(2) $P(x)$ is a real polynomial if and only if $P(x) = \overline{P}(x)$.

(3) If $P(x)Q(x) = H(x)$, then $\overline{H}(x) = \overline{P}(x)\,\overline{Q}(x)$.


Proof. (1) Suppose $z \in \mathbb{C}$ and $P(z) = a_0 + \cdots + a_n z^n$. Then

$$\overline{P(z)} = \overline{a_0 + \cdots + a_n z^n} = \overline{a_0} + \overline{a_1}\,\bar{z} + \cdots + \overline{a_n}\,\bar{z}^n = \overline{P}(\bar{z}).$$

(2) Suppose $P(x)$ is real; then $a_i = \overline{a_i}$ for all its coefficients; hence, $P(x) = \overline{P}(x)$. Conversely, suppose $P(x) = \overline{P}(x)$. Then $a_i = \overline{a_i}$ for all its coefficients; hence, $a_i \in \mathbb{R}$ for each $a_i$; therefore, $P(x)$ is a real polynomial.

(3) The proof is a computation and left to the exercises.


Lemma 7.3.20. Suppose $G(x) \in \mathbb{C}[x]$. Then $H(x) = G(x)\overline{G}(x) \in \mathbb{R}[x]$.

Proof. $\overline{H}(x) = \overline{G(x)\overline{G}(x)} = \overline{G}(x)\,\overline{\overline{G}}(x) = \overline{G}(x)G(x) = G(x)\overline{G}(x) = H(x)$. Therefore, $H(x)$ is a real polynomial.


Lemma 7.3.21. If every nonconstant real polynomial has a complex zero, then every nonconstant complex polynomial has a complex zero.


Proof: Let $P(x) \in \mathbb{C}[x]$, and suppose that every nonconstant real polynomial has at least one complex zero. Let $H(x) = P(x)\overline{P}(x)$. From Lemma 7.3.20, $H(x) \in \mathbb{R}[x]$. By supposition there exists a $z_0 \in \mathbb{C}$ with $H(z_0) = 0$. Then $P(z_0)\overline{P}(z_0) = 0$, and since $\mathbb{C}$ is a field it has no zero divisors.

Hence, either $P(z_0) = 0$, or $\overline{P}(z_0) = 0$. In the first case, $z_0$ is a zero of $P(x)$. In the second case, $\overline{P}(z_0) = 0$. Then from Lemma 7.3.19, $P(\bar{z}_0) = \overline{\overline{P}}(\bar{z}_0) = \overline{\overline{P}(z_0)} = 0$. Therefore, $\bar{z}_0$ is a zero of $P(x)$.


Now we come to the crucial lemma.

Lemma 7.3.22. Any nonconstant real polynomial has a complex zero.


Proof. Let $f(x) = a_0 + a_1 x + \cdots + a_n x^n \in \mathbb{R}[x]$ with $n \ge 1$, $a_n \ne 0$. The proof is an induction on the degree $n$ of $f(x)$.

Suppose $n = 2^m q$, where $q$ is odd. We do the induction on $m$. If $m = 0$, then $f(x)$ has odd degree, and the theorem is true from Lemma 7.3.16. Assume then that the theorem is true for all degrees $d = 2^k q'$, where $k < m$ and $q'$ is odd. Now assume that the degree of $f(x)$ is $n = 2^m q$.

Suppose $K'$ is the splitting field for $f(x)$ over $\mathbb{R}$, in which the zeros are $a_1, \dots, a_n$. We show that at least one of these zeros must be in $\mathbb{C}$. (In fact, all are in $\mathbb{C}$, but to prove the lemma, we need only show at least one.)

Let $h \in \mathbb{Z}$, and form the polynomial

$$H(x) = \prod_{i < j} \big(x - (a_i + a_j + h a_i a_j)\big).$$

This is in $K'[x]$. In forming $H(x)$, we chose pairs of zeros $\{a_i, a_j\}$, so the number of such pairs is the number of ways of choosing two elements out of $n = 2^m q$ elements. This is given by

$$\frac{2^m q\,(2^m q - 1)}{2} = 2^{m-1} q\,(2^m q - 1) = 2^{m-1} q'$$

with $q'$ odd. Therefore, the degree of $H(x)$ is $2^{m-1} q'$.

$H(x)$ is a symmetric polynomial in the zeros $a_1, \dots, a_n$. Since $a_1, \dots, a_n$ are the zeros of a real polynomial, from Lemma 7.3.14, any polynomial in the splitting field symmetric in these zeros must be a real polynomial.

Therefore, $H(x) \in \mathbb{R}[x]$ with degree $2^{m-1} q'$. By the inductive hypothesis, then, $H(x)$ must have a complex zero. This implies that there exists a pair $\{a_i, a_j\}$ with

$$a_i + a_j + h a_i a_j \in \mathbb{C}.$$

Since $h$ was an arbitrary integer, for any integer $h_1$, there must exist such a pair $\{a_i, a_j\}$ with

$$a_i + a_j + h_1 a_i a_j \in \mathbb{C}.$$

Now let $h_1$ vary over the integers. Since there are only finitely many such pairs $\{a_i, a_j\}$, it follows that there must be at least two different integers $h_1, h_2$ such that

$$z_1 = a_i + a_j + h_1 a_i a_j \in \mathbb{C}, \quad\text{and}\quad z_2 = a_i + a_j + h_2 a_i a_j \in \mathbb{C}.$$

Then $z_1 - z_2 = (h_1 - h_2) a_i a_j \in \mathbb{C}$, and since $h_1, h_2 \in \mathbb{Z} \subset \mathbb{C}$, it follows that $a_i a_j \in \mathbb{C}$. But then $h_1 a_i a_j \in \mathbb{C}$, from which it follows that $a_i + a_j \in \mathbb{C}$. Then,

$$p(x) = (x - a_i)(x - a_j) = x^2 - (a_i + a_j)x + a_i a_j \in \mathbb{C}[x].$$

However, $p(x)$ is then a degree-two complex polynomial, and so from Lemma 7.3.17, its zeros are complex. Therefore, $a_i, a_j \in \mathbb{C}$; thus, $f(x)$ has a complex zero.
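The two mechanisms in this proof (the pair polynomial $H(x)$ having real coefficients, and recovering $a_i, a_j$ from two values of $h$) can be watched numerically. The following is an added example, not from the book: it uses a constructed sample $f(x) = x^4 - 2x^2 - 3 = (x^2 - 3)(x^2 + 1)$, whose zeros $\pm\sqrt{3}, \pm i$ are entered by hand, builds $H(x)$ with plain coefficient-list arithmetic in floating point, and checks that $H$ has degree $\binom{4}{2} = 6 = 2^1 \cdot 3$ with (numerically) real coefficients; the function names are the example's own.

```python
import cmath
from itertools import combinations
from math import sqrt


def poly_mul(p, q):
    """Product of two polynomials given as coefficient lists, lowest degree first."""
    out = [0j] * (len(p) + len(q) - 1)
    for i, pi in enumerate(p):
        for j, qj in enumerate(q):
            out[i + j] += pi * qj
    return out


def poly_from_zeros(zeros):
    """Monic polynomial prod (x - w) over the given zeros, lowest degree first."""
    p = [1 + 0j]
    for w in zeros:
        p = poly_mul(p, [-w, 1 + 0j])
    return p


def poly_eval(p, x):
    """Horner evaluation of a coefficient list at x."""
    value = 0j
    for c in reversed(p):
        value = value * x + c
    return value


def pair_polynomial(zeros, h):
    """H(x) = prod_{i<j} (x - (a_i + a_j + h a_i a_j)), as in Lemma 7.3.22."""
    return poly_from_zeros([ai + aj + h * ai * aj
                            for ai, aj in combinations(zeros, 2)])


def max_imag(p):
    """Largest |imaginary part| among the coefficients; ~0 means a real polynomial."""
    return max(abs(c.imag) for c in p)


def recover_pair(z1, h1, z2, h2):
    """Given z_k = a_i + a_j + h_k a_i a_j for two different integers h_1, h_2,
    recover a_i a_j and a_i + a_j, then solve x^2 - (a_i + a_j) x + a_i a_j = 0
    with the quadratic formula (the last step of the proof of Lemma 7.3.22)."""
    product = (z1 - z2) / (h1 - h2)          # z_1 - z_2 = (h_1 - h_2) a_i a_j
    total = z1 - h1 * product                # a_i + a_j
    disc = cmath.sqrt(total * total - 4 * product)
    return (total + disc) / 2, (total - disc) / 2


# Constructed sample: f(x) = x^4 - 2x^2 - 3 = (x^2 - 3)(x^2 + 1), degree 4 = 2^2 * 1.
F_ZEROS = [sqrt(3), -sqrt(3), 1j, -1j]


def demo(h=1):
    """Return (degree of H, largest imaginary part of a coefficient of H)."""
    H = pair_polynomial(F_ZEROS, h)
    return len(H) - 1, max_imag(H)


if __name__ == "__main__":
    degree, imag = demo()
    print("deg H =", degree, " max |Im coeff| =", imag)   # 6 and ~0: H is real of degree 2^1 * 3
    ai, aj = sqrt(3), 1j
    print(recover_pair(ai + aj + ai * aj, 1, ai + aj + 2 * ai * aj, 2))  # ~ (sqrt(3), 1j)
```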


It is now easy to give a proof of the fundamental theorem of algebra. From Lem- 
ma 7.3.22, every nonconstant real polynomial has a complex zero. From Lemma 7.3.21, if 
every nonconstant real polynomial has a complex zero, then every nonconstant complex 
polynomial has a complex zero, proving the fundamental theorem. 


Theorem 7.3.23. If E is a finite-dimensional field extension of C, then E = C. 


Proof. Let $a \in E$. Regard the elements $1, a, a^2, \dots$. These elements become linearly dependent over $\mathbb{C}$, and we get a nonconstant polynomial over $\mathbb{C}$ with zero $a$. By the fundamental theorem of algebra, we know that $a \in \mathbb{C}$.


Corollary 7.3.24. If $E$ is a finite-dimensional field extension of $\mathbb{R}$, then $E = \mathbb{R}$, or $E = \mathbb{C}$.


We refer to Section 17.6 where we revisit the fundamental theorem of algebra and 
provide a Galois theoretic proof. 


7.4 The Fundamental Theorem of Symmetric Polynomials 


In the proof of the fundamental theorem of algebra that was given in the previous sec- 
tion, we used the fact that any symmetric polynomial in n indeterminates is a polyno- 
mial in the elementary symmetric polynomials in these indeterminates. In this section, 
we give a proof of this theorem. 

Let $R$ be an integral domain with $x_1, \dots, x_n$ (independent) indeterminates over $R$, and let $R[x_1, \dots, x_n]$ be the polynomial ring in these indeterminates. Any polynomial $f(x_1, \dots, x_n) \in R[x_1, \dots, x_n]$ is composed of a sum of pieces of the form $a x_1^{i_1} \cdots x_n^{i_n}$ with $a \in R$. We first put an order on these pieces of a polynomial.

The piece $a x_1^{i_1} \cdots x_n^{i_n}$ with $a \ne 0$ is called higher than the piece $b x_1^{j_1} \cdots x_n^{j_n}$ with $b \ne 0$, if the first one of the differences $i_1 - j_1, i_2 - j_2, \dots, i_n - j_n$ that differs from zero is in fact positive. The highest piece of a polynomial $f(x_1, \dots, x_n)$ is denoted by $\mathrm{HG}(f)$.


Lemma 7.4.1. For f(X1,...5Xn), 804 --->Xn) € RIX... Xy], we have 


HG(fg) = HG(f) HG(g). 


Proof. We use induction on $n$, the number of indeterminates. For $n = 1$ the highest piece is the leading term, and the claim holds because $R$ is an integral domain, so the product of the two leading coefficients is nonzero. Now assume that the statement holds for all polynomials in $k$ indeterminates with $k < n$ and $n \ge 2$. Order the polynomials via exponents on the first indeterminate $x_1$, so that
$$f(x_1, \ldots, x_n) = x_1^{r} \varphi_r(x_2, \ldots, x_n) + x_1^{r-1} \varphi_{r-1}(x_2, \ldots, x_n) + \cdots + \varphi_0(x_2, \ldots, x_n),$$
$$g(x_1, \ldots, x_n) = x_1^{s} \psi_s(x_2, \ldots, x_n) + x_1^{s-1} \psi_{s-1}(x_2, \ldots, x_n) + \cdots + \psi_0(x_2, \ldots, x_n),$$
with $\varphi_r \neq 0$ and $\psi_s \neq 0$. Since $\varphi_r \psi_s \neq 0$, we get $\mathrm{HG}(fg) = x_1^{r+s}\,\mathrm{HG}(\varphi_r \psi_s)$. By the inductive hypothesis
$$\mathrm{HG}(\varphi_r \psi_s) = \mathrm{HG}(\varphi_r)\,\mathrm{HG}(\psi_s).$$
Hence,
$$\mathrm{HG}(fg) = x_1^{r+s}\,\mathrm{HG}(\varphi_r)\,\mathrm{HG}(\psi_s) = \bigl(x_1^{r}\,\mathrm{HG}(\varphi_r)\bigr)\bigl(x_1^{s}\,\mathrm{HG}(\psi_s)\bigr) = \mathrm{HG}(f)\,\mathrm{HG}(g).$$


The elementary symmetric polynomials in $n$ indeterminates $x_1, \ldots, x_n$ are:
$$s_1 = x_1 + x_2 + \cdots + x_n,$$
$$s_2 = x_1 x_2 + x_1 x_3 + \cdots + x_{n-1} x_n,$$
$$s_3 = x_1 x_2 x_3 + x_1 x_2 x_4 + \cdots + x_{n-2} x_{n-1} x_n,$$
$$\vdots$$
$$s_n = x_1 x_2 \cdots x_n.$$
These arise from forming the polynomial $p(x; x_1, \ldots, x_n) = (x - x_1) \cdots (x - x_n)$. The $i$-th elementary symmetric polynomial $s_i$ in $x_1, \ldots, x_n$ is then $(-1)^i a_i$, where $a_i$ is the coefficient of $x^{n-i}$ in $p(x; x_1, \ldots, x_n)$.

In general,
$$s_k = \sum_{i_1 < i_2 < \cdots < i_k} x_{i_1} x_{i_2} \cdots x_{i_k}, \qquad 1 \le k \le n,$$
where the sum is taken over all the $\binom{n}{k}$ different systems of indices $i_1, \ldots, i_k$ with $i_1 < i_2 < \cdots < i_k$. Furthermore, a polynomial $s(x_1, \ldots, x_n)$ is a symmetric polynomial if $s(x_1, \ldots, x_n)$ is unchanged by any permutation $\sigma$ of $\{x_1, \ldots, x_n\}$, that is, $s(x_1, \ldots, x_n) = s(\sigma(x_1), \ldots, \sigma(x_n))$.


Lemma 7.4.2. In the highest piece $a x_1^{k_1} \cdots x_n^{k_n}$ with $a \neq 0$ of a symmetric polynomial $s(x_1, \ldots, x_n)$, we have $k_1 \ge k_2 \ge \cdots \ge k_n$.

Proof. Assume that $k_i < k_j$ for some $i < j$. As a symmetric polynomial, $s(x_1, \ldots, x_n)$ must then also contain the piece $a x_1^{k_1} \cdots x_i^{k_j} \cdots x_j^{k_i} \cdots x_n^{k_n}$ obtained by exchanging the exponents of $x_i$ and $x_j$, which is higher than $a x_1^{k_1} \cdots x_i^{k_i} \cdots x_j^{k_j} \cdots x_n^{k_n}$, giving a contradiction.


Lemma 7.4.3. The product $s_1^{k_1 - k_2} s_2^{k_2 - k_3} \cdots s_{n-1}^{k_{n-1} - k_n} s_n^{k_n}$ with $k_1 \ge k_2 \ge \cdots \ge k_n$ has the highest piece $x_1^{k_1} x_2^{k_2} \cdots x_n^{k_n}$.

Proof. From the definition of the elementary symmetric polynomials, we have that
$$\mathrm{HG}(s_k) = x_1 x_2 \cdots x_k, \qquad 1 \le k \le n.$$
From Lemma 7.4.1,
$$\mathrm{HG}\bigl(s_1^{k_1 - k_2} s_2^{k_2 - k_3} \cdots s_{n-1}^{k_{n-1} - k_n} s_n^{k_n}\bigr) = x_1^{k_1 - k_2} (x_1 x_2)^{k_2 - k_3} \cdots (x_1 \cdots x_{n-1})^{k_{n-1} - k_n} (x_1 \cdots x_n)^{k_n} = x_1^{k_1} x_2^{k_2} \cdots x_n^{k_n}.$$


Theorem 7.4.4. Let $s(x_1, \ldots, x_n) \in R[x_1, \ldots, x_n]$ be a symmetric polynomial. Then $s(x_1, \ldots, x_n)$ can be uniquely expressed as a polynomial $f(s_1, \ldots, s_n)$ in the elementary symmetric polynomials $s_1, \ldots, s_n$ with coefficients from $R$.


Proof. We prove the existence of the polynomial $f$ by induction on the highest piece. If in the highest piece of a symmetric polynomial all exponents are zero, then it is constant, that is, an element of $R$. Therefore, there is nothing to prove.

Now we assume that each symmetric polynomial with highest piece smaller than that of $s(x_1, \ldots, x_n)$ can be written as a polynomial in the elementary symmetric polynomials. Let $a x_1^{k_1} \cdots x_n^{k_n}$, $a \neq 0$, be the highest piece of $s(x_1, \ldots, x_n)$; by Lemma 7.4.2, $k_1 \ge k_2 \ge \cdots \ge k_n$. Let
$$t(x_1, \ldots, x_n) = s(x_1, \ldots, x_n) - a\, s_1^{k_1 - k_2} s_2^{k_2 - k_3} \cdots s_{n-1}^{k_{n-1} - k_n} s_n^{k_n}.$$
Clearly, $t(x_1, \ldots, x_n)$ is another symmetric polynomial, and from Lemma 7.4.3, either $t = 0$ or the highest piece of $t(x_1, \ldots, x_n)$ is smaller than that of $s(x_1, \ldots, x_n)$. The induction terminates, because the subtracted product is homogeneous of degree $k_1 + \cdots + k_n \le \deg s$, so every piece of $t$ has total degree at most $\deg s$, and there are only finitely many pieces of bounded total degree below a given one. Therefore, $t(x_1, \ldots, x_n)$ can be written as a polynomial in $s_1, \ldots, s_n$. Hence, $s(x_1, \ldots, x_n) = t(x_1, \ldots, x_n) + a\, s_1^{k_1 - k_2} \cdots s_n^{k_n}$ can be written as a polynomial in $s_1, \ldots, s_n$. To prove the uniqueness of this expression, assume that
$$s(x_1, \ldots, x_n) = f(s_1, \ldots, s_n) = g(s_1, \ldots, s_n).$$
Then
$$f(s_1, \ldots, s_n) - g(s_1, \ldots, s_n) = h(s_1, \ldots, s_n) = 0(x_1, \ldots, x_n)$$
is the zero polynomial in $x_1, \ldots, x_n$. Hence, if we write $h(s_1, \ldots, s_n)$ as a sum of products of powers of $s_1, \ldots, s_n$, all coefficients disappear, because two different products of powers in $s_1, \ldots, s_n$ have different highest pieces by Lemma 7.4.3 (the product $s_1^{m_1} \cdots s_n^{m_n}$ has highest piece $x_1^{m_1 + \cdots + m_n} x_2^{m_2 + \cdots + m_n} \cdots x_n^{m_n}$, from which $m_1, \ldots, m_n$ can be read off), so the highest among the highest pieces of the products with nonzero coefficient could not cancel in $h(s_1, \ldots, s_n)$. Therefore, $f$ and $g$ are the same, proving the theorem.
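The existence part of this proof is an algorithm: read off the highest piece, subtract the matching product of elementary symmetric polynomials, and repeat on the remainder. The following Python program is an added illustration (not from the book): it represents polynomials over $\mathbb{Z}$ as dictionaries from exponent tuples to coefficients, so that Python's ordering of tuples is exactly the order on pieces defined above, checks Lemma 7.4.2 at every step, and verifies the result by expanding it back into $x_1, \ldots, x_n$. The function names (`express_in_elementary`, `expand`, `power_sum`) are chosen for this example.

```python
from itertools import combinations, permutations

# A polynomial in n indeterminates over Z is a dict {exponent tuple: coefficient};
# e.g. {(3, 0, 0): 1, (1, 1, 0): -3} stands for x1^3 - 3*x1*x2.

def p_add(f, g):
    h = dict(f)
    for e, c in g.items():
        h[e] = h.get(e, 0) + c
        if h[e] == 0:
            del h[e]
    return h

def p_mul(f, g):
    h = {}
    for e1, c1 in f.items():
        for e2, c2 in g.items():
            e = tuple(a + b for a, b in zip(e1, e2))
            h[e] = h.get(e, 0) + c1 * c2
    return {e: c for e, c in h.items() if c != 0}

def p_pow(f, k, n):
    r = {(0,) * n: 1}
    for _ in range(k):
        r = p_mul(r, f)
    return r

def elementary(n, k):
    """s_k: the sum over all i_1 < ... < i_k of x_{i_1} ... x_{i_k}."""
    return {tuple(1 if i in idx else 0 for i in range(n)): 1
            for idx in combinations(range(n), k)}

def highest_piece(f):
    """HG(f): the lexicographically largest exponent tuple, the text's order on pieces."""
    e = max(f)
    return e, f[e]

def is_symmetric(f, n):
    for perm in permutations(range(n)):
        g = {tuple(e[perm[i]] for i in range(n)): c for e, c in f.items()}
        if g != f:
            return False
    return True

def express_in_elementary(f, n):
    """Return {(m_1,...,m_n): c} meaning f = sum of c * s_1^m_1 ... s_n^m_n."""
    if not is_symmetric(f, n):
        raise ValueError("input is not symmetric")
    s = [elementary(n, k) for k in range(1, n + 1)]
    result, t = {}, dict(f)
    while t:
        k, a = highest_piece(t)
        # Lemma 7.4.2: the exponents of the highest piece are non-increasing.
        assert all(k[i] >= k[i + 1] for i in range(n - 1))
        # Lemma 7.4.3: s_1^(k1-k2) ... s_n^kn has highest piece x1^k1 ... xn^kn.
        m = tuple(k[i] - (k[i + 1] if i + 1 < n else 0) for i in range(n))
        result[m] = result.get(m, 0) + a
        prod = {(0,) * n: 1}
        for i in range(n):
            prod = p_mul(prod, p_pow(s[i], m[i], n))
        t = p_add(t, {e: -a * c for e, c in prod.items()})  # strictly lower highest piece
    return result

def expand(result, n):
    """Evaluate a polynomial in s_1..s_n back into x_1..x_n (used to check the result)."""
    s = [elementary(n, k) for k in range(1, n + 1)]
    total = {}
    for m, c in result.items():
        prod = {(0,) * n: c}
        for i in range(n):
            prod = p_mul(prod, p_pow(s[i], m[i], n))
        total = p_add(total, prod)
    return total

def power_sum(n, d):
    """x_1^d + ... + x_n^d, a symmetric polynomial used as constructed sample input."""
    return {tuple(d if i == j else 0 for j in range(n)): 1 for i in range(n)}

if __name__ == "__main__":
    p3 = power_sum(3, 3)
    r = express_in_elementary(p3, 3)
    print(r)  # x1^3 + x2^3 + x3^3 = s1^3 - 3 s1 s2 + 3 s3
    assert expand(r, 3) == p3
```

The loop stops because each subtraction lowers the highest piece without raising the total degree, which is the termination argument of the proof.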


7.5 Skew Field Extensions of C and the Frobenius Theorem 


Let $V$ be an $\mathbb{R}$-vector space with $\dim_{\mathbb{R}}(V) = n < \infty$. We have already seen, as a consequence of the fundamental theorem of algebra, that only for $n = 1$ and $n = 2$ can we provide $V$ with a multiplication such that $V$ becomes a field with respect to the addition in $V$ and this multiplication. Up to isomorphism, we get $V \cong \mathbb{R}$ if $n = 1$ and $V \cong \mathbb{C}$ if $n = 2$.

If we want a suitable multiplication for $n \ge 3$, we have to give up some of the rules of a field. If all the axioms of a field hold except for the commutativity of multiplication, then we have a skew field or division ring. Hence, a division ring is a not necessarily commutative ring with identity $1 \neq 0$, in which every nonzero element has a multiplicative inverse.

Hamilton described for n = 4 a multiplication in V in such a way that V becomes 
a skew field. In his honor, we talk about the Hamiltonian skew field. This skew field is 
denoted by H and is called the quaternions. 

In this section, we want first to describe the skew field $\mathbb{H}$ of Hamilton's quaternions and then to prove that if $n \ge 3$, only for $n = 4$ can we provide $V$ with a multiplication such that $V$ becomes a skew field.

We start with the construction and description of H. Let {1, i, j,k} be a basis of V. The 
addition will be the usual addition in the vector space. We also take scalar multiplication 
by R. The basis element 1 shall be the unit element for the multiplication (as already 
mentioned in the case of the complex numbers, this is not a restriction because any 
nonzero vector in V is a member of a basis). The basis element 1 then should generate 
the embedding of R. 

For $i, j, k$, we define a multiplication by the following rules of Hamilton:
$$i^2 = j^2 = k^2 = -1,$$
$$ij = k, \quad jk = i, \quad ki = j,$$
$$ji = -k, \quad kj = -i, \quad ik = -j.$$


For
$$x = x_0 + x_1 i + x_2 j + x_3 k \quad \text{and} \quad y = y_0 + y_1 i + y_2 j + y_3 k,$$
we determine the addition and multiplication in $V$ by the following basic algebraic manipulation:
$$x + y = (x_0 + y_0) + (x_1 + y_1)\, i + (x_2 + y_2)\, j + (x_3 + y_3)\, k,$$
$$xy = (x_0 y_0 - x_1 y_1 - x_2 y_2 - x_3 y_3) + (x_0 y_1 + x_1 y_0 + x_2 y_3 - x_3 y_2)\, i + (x_0 y_2 - x_1 y_3 + x_2 y_0 + x_3 y_1)\, j + (x_0 y_3 + x_1 y_2 - x_2 y_1 + x_3 y_0)\, k.$$


Together with this addition and multiplication, $V$ becomes a noncommutative ring with unit element $1$. For each quaternion
$$x = x_0 + x_1 i + x_2 j + x_3 k,$$
we define the conjugate quaternion by
$$\bar{x} := x_0 - x_1 i - x_2 j - x_3 k.$$
We have the rules
$$\bar{\bar{x}} = x, \quad \overline{x + y} = \bar{x} + \bar{y}, \quad \overline{\lambda x} = \lambda \bar{x} \ (\lambda \in \mathbb{R}) \quad \text{and} \quad \overline{xy} = \bar{y}\,\bar{x}.$$


With the help of the conjugation, we may now define the norm and the length of a quaternion
$$x = x_0 + x_1 i + x_2 j + x_3 k$$
by
$$n(x) = x \bar{x} = \bar{x} x = x_0^2 + x_1^2 + x_2^2 + x_3^2 \quad \text{and} \quad |x| = \sqrt{x_0^2 + x_1^2 + x_2^2 + x_3^2},$$
respectively, in analogy to the complex numbers. If $x \neq 0$, then $n(x) > 0$, and we get the multiplicative inverse $x^{-1}$ by $x^{-1} = \dfrac{\bar{x}}{n(x)}$, because
$$x \cdot \frac{\bar{x}}{n(x)} = \frac{x \bar{x}}{n(x)} = 1 = \frac{\bar{x} x}{n(x)} = \frac{\bar{x}}{n(x)} \cdot x.$$

Hence, together with the addition and multiplication, $V$ becomes a skew field, in which $\mathbb{R}$ can be embedded via $r \mapsto r \cdot 1$ for $r \in \mathbb{R}$.


Theorem 7.5.1. The set of quaternions $\mathbb{H}$ is a skew field, which contains both the reals and the complexes as subfields. It has dimension 4 as a vector space over $\mathbb{R}$. Furthermore, $rx = xr$ for all $x \in \mathbb{H}$ and all $r \in \mathbb{R}$ (considered as elements of $\mathbb{H}$).


In $\mathbb{H}$, there is an important multiplicative rule for the norm and the length:
$$n(xy) = n(x)\,n(y) \quad \text{and} \quad |xy| = |x|\,|y| \quad \text{for } x, y \in \mathbb{H}.$$

This can be shown by an easy calculation, or directly from the rules for conjugation: $n(xy) = xy\,\overline{xy} = x y \bar{y} \bar{x} = n(y)\, x \bar{x} = n(x)\, n(y)$, since $n(y)$ is real and commutes with $x$.
This result on norms in the quaternions provides the general equation in $\mathbb{R}$ on sums of four squares:
$$(x_0^2 + x_1^2 + x_2^2 + x_3^2)(y_0^2 + y_1^2 + y_2^2 + y_3^2) = (x_0 y_0 - x_1 y_1 - x_2 y_2 - x_3 y_3)^2 + (x_0 y_1 + x_1 y_0 + x_2 y_3 - x_3 y_2)^2 + (x_0 y_2 - x_1 y_3 + x_2 y_0 + x_3 y_1)^2 + (x_0 y_3 + x_1 y_2 - x_2 y_1 + x_3 y_0)^2.$$

This equation is one of the bases for the Theorem of Lagrange.


Theorem 7.5.2 (Theorem of Lagrange). Each natural number $n$ can be written as a sum
$$n = a^2 + b^2 + c^2 + d^2$$
of four squares with $a, b, c, d \in \mathbb{Z}$.

Hint: By the four-square identity above, it suffices to treat prime numbers, and since $2 = 1^2 + 1^2$ and every prime $p \equiv 1 \pmod 4$ is a sum of two squares, we have only to show (see [53, Chapter 3.2]) that if $p$ is a prime number with $p \equiv 3 \pmod 4$, then $p = a^2 + b^2 + c^2 + d^2$ for some $a, b, c, d \in \mathbb{Z}$. A proof of this can be found, for instance, in the book [53].


We remark that the skew field $\mathbb{H}$ of the quaternions can be embedded into $M(2, \mathbb{C})$ via
$$x = x_0 + x_1 i + x_2 j + x_3 k \;\mapsto\; \begin{pmatrix} x_0 + x_1 i & x_2 + x_3 i \\ -x_2 + x_3 i & x_0 - x_1 i \end{pmatrix} = \begin{pmatrix} w & z \\ -\bar{z} & \bar{w} \end{pmatrix}$$
with $w = x_0 + x_1 i \in \mathbb{C}$ and $z = x_2 + x_3 i \in \mathbb{C}$. Using this map, a quaternion $x = x_0 + x_1 i + x_2 j + x_3 k$ can be considered as such a matrix; the map is an injective ring homomorphism, and the determinant $w \bar{w} + z \bar{z}$ of the matrix is the norm $n(x)$.
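All the formulas of this section can be checked mechanically. The Python below is an added example, not part of the book: it implements the Hamilton product from the multiplication formula above, the conjugate, the norm and the inverse $\bar{x}/n(x)$, and the embedding into $M(2,\mathbb{C})$, and then verifies on constructed sample quaternions that Hamilton's rules hold, that $n(xy) = n(x)n(y)$ (which is the four-square identity), and that the embedding is multiplicative with determinant equal to the norm. Quaternions are plain 4-tuples $(x_0, x_1, x_2, x_3)$; the function names are chosen for this example.

```python
from fractions import Fraction

# A quaternion x0 + x1 i + x2 j + x3 k is the 4-tuple (x0, x1, x2, x3) of exact numbers.
ONE, I, J, K = (1, 0, 0, 0), (0, 1, 0, 0), (0, 0, 1, 0), (0, 0, 0, 1)

def qmul(x, y):
    """Hamilton product, coefficient by coefficient as in the text's formula for xy."""
    x0, x1, x2, x3 = x
    y0, y1, y2, y3 = y
    return (x0*y0 - x1*y1 - x2*y2 - x3*y3,
            x0*y1 + x1*y0 + x2*y3 - x3*y2,
            x0*y2 - x1*y3 + x2*y0 + x3*y1,
            x0*y3 + x1*y2 - x2*y1 + x3*y0)

def qconj(x):
    """Conjugate quaternion: x0 - x1 i - x2 j - x3 k."""
    return (x[0], -x[1], -x[2], -x[3])

def qnorm(x):
    """n(x) = x * conj(x) = x0^2 + x1^2 + x2^2 + x3^2."""
    return sum(c * c for c in x)

def qinv(x):
    """x^{-1} = conj(x) / n(x); Fraction keeps the result exact for integer input."""
    n = qnorm(x)
    if n == 0:
        raise ZeroDivisionError("0 has no inverse in H")
    return tuple(Fraction(c, n) for c in qconj(x))

def to_matrix(x):
    """Embedding H -> M(2, C): x -> [[w, z], [-conj(z), conj(w)]], w = x0 + x1 i, z = x2 + x3 i."""
    w = complex(x[0], x[1])
    z = complex(x[2], x[3])
    return ((w, z), (-z.conjugate(), w.conjugate()))

def mat_mul(a, b):
    return tuple(tuple(sum(a[r][t] * b[t][c] for t in range(2)) for c in range(2))
                 for r in range(2))

def mat_det(a):
    return a[0][0] * a[1][1] - a[0][1] * a[1][0]

def hamilton_rules_hold():
    """i^2 = j^2 = k^2 = -1, ij = k, jk = i, ki = j, ji = -k, kj = -i, ik = -j."""
    minus_one = (-1, 0, 0, 0)
    return (qmul(I, I) == qmul(J, J) == qmul(K, K) == minus_one
            and qmul(I, J) == K and qmul(J, K) == I and qmul(K, I) == J
            and qmul(J, I) == (0, 0, 0, -1) and qmul(K, J) == (0, -1, 0, 0)
            and qmul(I, K) == (0, 0, -1, 0))

def norm_is_multiplicative(x, y):
    """n(xy) = n(x) n(y): the four-square identity for the coordinates of x and y."""
    return qnorm(qmul(x, y)) == qnorm(x) * qnorm(y)

def embedding_is_multiplicative(x, y):
    """The matrix of xy equals the product of the matrices of x and y."""
    return mat_mul(to_matrix(x), to_matrix(y)) == to_matrix(qmul(x, y))

if __name__ == "__main__":
    x, y = (1, 2, 3, 4), (5, 6, 7, 8)          # constructed sample quaternions
    assert hamilton_rules_hold()
    assert qmul(x, y) != qmul(y, x)            # H is not commutative
    assert norm_is_multiplicative(x, y)        # 30 * 174 == 5220 == n(xy)
    assert qmul(x, qinv(x)) == ONE
    assert embedding_is_multiplicative(x, y)
    assert mat_det(to_matrix(x)) == qnorm(x)   # det of the 2x2 matrix is the norm
```

Integer coordinates keep every intermediate value exact, so the equality checks are genuine identities rather than floating-point approximations.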

We have shown that the quaternions form a skew field of degree 4 over the real numbers. We ask whether there can be other finite degree skew field extensions of $\mathbb{R}$. Let $V$ be an $\mathbb{R}$-vector space with $\dim_{\mathbb{R}}(V) = n < \infty$. For which $n$ may we provide $V$ with a multiplication such that $V$ with the vector addition and this multiplication becomes a field or a skew field?

We remark that some nonzero vector in $V$ has to be the unit element $1$; therefore, we automatically have an embedding $\mathbb{R} \to V$, $r \mapsto r \cdot 1$.

Let $n \ge 2$. Since the irreducible polynomials in $\mathbb{R}[x]$ have degree 1 or 2, under the existence of such a multiplication each element $a \in V$ which is not in $\mathbb{R}$ (considered as a subset of $V$) must be a zero of a quadratic polynomial from $\mathbb{R}[x]$: the powers $1, a, a^2, \ldots$ are linearly dependent, so $a$ is a zero of a nonzero real polynomial and hence of one of its irreducible factors, which cannot be linear since $a \notin \mathbb{R}$.
We now assume that we have in $V$ a multiplication such that $V$, together with the addition in $V$ and this multiplication, is a field or a skew field.

If $n = 2$, we get the field $\mathbb{C}$ of the complex numbers.

Now, let $n = 3$. Using analogous thoughts as for the construction of $\mathbb{C}$, we may construct in two steps a basis $\{1, i, j\}$ of $V$ such that $1$ is the unit element of $V$, and $i^2 = j^2 = -1$. Recall that for $a \in V$ with $a \notin \mathbb{R}$, the two-dimensional subspace of $V$ spanned by $1$ and $a$ is a subfield of $V$ and has to be isomorphic to $\mathbb{C}$.

Let $k = ij$. Since $\dim_{\mathbb{R}}(V) = 3$, we must have $k = a_1 + b_1 i + c_1 j$ with $a_1, b_1, c_1 \in \mathbb{R}$. Multiplication from the left with $i$ results in
$$-j = i(ij) = a_1 i + b_1 i^2 + c_1 ij = a_1 i - b_1 + c_1 (a_1 + b_1 i + c_1 j),$$
and since $1, i, j$ are linearly independent, comparing the coefficients of $j$ gives $c_1^2 = -1$, which is impossible in $\mathbb{R}$. Therefore, the case $n = 3$ is not possible.

If $n = 4$, we may construct in $V$ three linearly independent elements $1, i, j$ such that $1$ is the unit element of $V$, and $i^2 = j^2 = -1$. Certainly $ij$ is linearly independent from $1, i$ and $j$, because otherwise we get a contradiction as in the case $n = 3$. Also $ji$ is linearly independent from $1, i$ and $j$. Now $i + j$ and $i - j$ are both zeros of quadratic polynomials over $\mathbb{R}$; that is, there exist $r_1, s_1, r_2, s_2 \in \mathbb{R}$ with
$$(i + j)^2 + r_1 (i + j) + s_1 = 0 \quad \text{and} \quad (i - j)^2 + r_2 (i - j) + s_2 = 0.$$
Since $(i + j)^2 = -2 + ij + ji$ and $(i - j)^2 = -2 - ij - ji$, adding these equations gives $-4 + (r_1 + r_2)\, i + (r_1 - r_2)\, j + s_1 + s_2 = 0$, and we see that $r_1 = r_2 = 0$; therefore, we get from the first equation that $ij + ji = c \in \mathbb{R}$. Here, we used that $1, i$ and $j$ are linearly independent. Now, we may replace $j$ by $j + \frac{c}{2} i$, which gives
$$i\Bigl(j + \frac{c}{2}\, i\Bigr) + \Bigl(j + \frac{c}{2}\, i\Bigr) i = ij + ji + c\, i^2 = c - c = 0.$$
Since the subspace of $V$ generated by $1$ and $j + \frac{c}{2} i$ must, as a field, be isomorphic to $\mathbb{C}$, we may normalize $j + \frac{c}{2} i$ to a real multiple $j_1$ with $j_1^2 = -1$; still $i j_1 + j_1 i = 0$. We now define $k = i j_1$. Then automatically
$$k = i j_1 = -j_1 i \quad \text{and} \quad k^2 = i j_1 i j_1 = -i j_1 j_1 i = i^2 = -1.$$
So altogether, writing again $j$ for $j_1$, we may construct a basis $\{1, i, j, k\}$ of $V$ such that $1$ is the unit element of $V$, and $i^2 = j^2 = k^2 = -1$, $k = ij = -ji$. Thereby, $V$ is isomorphic to the skew field $\mathbb{H}$ of the quaternions.

Finally, let $n \ge 5$. Analogously as for the case $n = 4$ and the general observation for the subfield isomorphic to $\mathbb{C}$, we may construct a basis $\{1, i, j, k, l, \ldots\}$ such that
$$i^2 = j^2 = k^2 = -1, \quad k = ij = -ji \quad \text{and} \quad l^2 = -1.$$
Analogously, as in the case $n = 4$, $i + l$ and $i - l$ are both zeros of quadratic polynomials over $\mathbb{R}$. Therefore, as in the case $n = 4$,
$$il + li = a_0 \in \mathbb{R}.$$
In the same manner, we get
$$jl + lj = b_0 \in \mathbb{R} \quad \text{and} \quad kl + lk = c_0 \in \mathbb{R}.$$
We calculate
$$lk = l(ij) = (li)j = (a_0 - il)j = a_0 j - i(lj) = a_0 j - i(b_0 - jl) = a_0 j - b_0 i + (ij)l = a_0 j - b_0 i + kl = a_0 j - b_0 i + c_0 - lk.$$
From this, we get
$$2\, lk = a_0 j - b_0 i + c_0.$$
Multiplication with $k$ from the right gives
$$-2\, l = a_0 i + b_0 j + c_0 k,$$
because $jk = i$ and $ik = -j$.

This means that $l$ is linearly dependent on $\{1, i, j, k\}$, which is not the case. This contradiction shows that $n \ge 5$ is not possible.

Altogether, we have proven the following theorem: 


Theorem 7.5.3 (Frobenius Theorem). Let $V$ be an $\mathbb{R}$-vector space, $\dim_{\mathbb{R}}(V) = n < \infty$. Let $V$ be provided in addition with a multiplication, such that $V$ together with the vector addition and the multiplication is a field or a skew field.

Then $n = 1, 2$ or $4$. In particular, if $n = 1$ then $V$ is isomorphic to $\mathbb{R}$, if $n = 2$, then $V$ is isomorphic to $\mathbb{C}$, and if $n = 4$ then $V$ is isomorphic to $\mathbb{H}$.


7.6 Exercises 


1. Let $f, g \in K[x]$ be irreducible polynomials of degree 2 over the field $K$. Let $\alpha_1, \alpha_2$ (respectively, $\beta_1, \beta_2$) be the zeros of $f$ and $g$. For $1 \le i, j \le 2$, let $\nu_{ij} = \alpha_i + \beta_j$. Show the following:

(a) $|K(\nu_{ij}) : K| \in \{1, 2, 3, 4\}$.

(b) For fixed $f, g$, there are at most two different degrees in (a).

(c) Decide which sets of combinations of degrees in (b) (with $f, g$ variable) are possible, and give an example in each case.

2. Let $L|K$ be a field extension; let $\nu \in L$ and $f(x) \in L[x]$ a polynomial of degree $\ge 1$. Let all coefficients of $f(x)$ be algebraic over $K$. Show that if $f(\nu) = 0$, then $\nu$ is algebraic over $K$.

3. Let $L|K$ be a field extension, and let $M$ be an intermediate field such that the extension $M|K$ is algebraic. For $\nu \in L$, show that the following are equivalent:

(a) $\nu$ is algebraic over $M$.

(b) $\nu$ is algebraic over $K$.

4. Let $L|K$ be a field extension and $\nu_1, \nu_2 \in L$. Show that the following are equivalent:

(a) $\nu_1$ and $\nu_2$ are algebraic over $K$.

(b) $\nu_1 + \nu_2$ and $\nu_1 \nu_2$ are algebraic over $K$.

5. Let $L|K$ be a simple field extension. Show that there is an extension field $L'$ of $L$ of the form $L' = K(\nu_1, \nu_2)$ with the following:

(a) $\nu_1$ and $\nu_2$ are transcendental over $K$.

(b) The set of all elements of $L'$ that are algebraic over $K$ is $L$.

6. In the proof of Theorem 7.1.4, show that the mapping
$$\tau : K(\alpha) \to K(\alpha'),$$
defined by $\tau(k) = k$ if $k \in K$ and $\tau(\alpha) = \alpha'$, and then extended by linearity, is a $K$-isomorphism.

7. Prove Lemma 7.2.8.

8. If $T_1, T_2$ are sets with the same cardinality, then there exists a bijection $\sigma : T_1 \to T_2$. Define a map $F : S_{T_1} \to S_{T_2}$ in the following manner: if $f \in S_{T_1}$, let $F(f)$ be the permutation on $T_2$ given by $F(f)(t_2) = \sigma(f(\sigma^{-1}(t_2)))$. Prove that $F$ is an isomorphism.

9. Let $P(x), Q(x), H(x) \in \mathbb{C}[x]$. Show that $P(x)Q(x) = H(x)$ implies $\overline{H}(x) = \overline{P}(x)\,\overline{Q}(x)$, where the bar denotes the polynomial whose coefficients are the complex conjugates of the original ones.

10. Show the multiplicative rule for the norm and the length for the quaternions:
$$n(xy) = n(x)\,n(y) \quad \text{and} \quad |xy| = |x|\,|y| \quad \text{for } x, y \in \mathbb{H}.$$

11. Determine all irreducible polynomials over $\mathbb{R}$. Factorize $f(x) \in \mathbb{R}[x]$ into irreducible polynomials.


8 Splitting Fields and Normal Extensions 


8.1 Splitting Fields 


In the last chapter, we introduced splitting fields and used this idea to present a proof of 
the fundamental theorem of algebra. The concept of a splitting field is essential to the 
Galois theory of equations. Therefore, in this chapter, we look more deeply at this idea. 


Definition 8.1.1. Let $K$ be a field and $f(x)$ a nonconstant polynomial in $K[x]$. An extension field $L$ of $K$ is a splitting field for $f(x)$ over $K$ if the following hold:

(a) $f(x)$ splits into linear factors in $L[x]$.

(b) If $K \subset M \subset L$ and $M \neq L$, then $f(x)$ does not split into linear factors in $M[x]$.


From part (b) in the definition, the following is clear: 


Lemma 8.1.2. $L$ is a splitting field for $f(x) \in K[x]$ if and only if $f(x)$ splits into linear factors in $L[x]$, and if $f(x) = b(x - a_1) \cdots (x - a_n)$ with $b \in K$, then $L = K(a_1, \ldots, a_n)$.


Example 8.1.3. The field $\mathbb{C}$ of complex numbers is a splitting field for the polynomial $p(x) = x^2 + 1$ in $\mathbb{R}[x]$. In fact, since $\mathbb{C}$ is algebraically closed and $|\mathbb{C} : \mathbb{R}| = 2$, it is a splitting field for any real polynomial $f(x) \in \mathbb{R}[x]$ which has at least one nonreal zero.

The field $\mathbb{Q}(i)$, obtained by adjoining $i$ to $\mathbb{Q}$, is a splitting field for $x^2 + 1$ over $\mathbb{Q}$.


The next result was used in the previous chapter. We restate and reprove it here. 


Theorem 8.1.4. Let $K$ be a field. Then each nonconstant polynomial in $K[x]$ has a splitting field.

Proof. Let $\bar{K}$ be an algebraic closure of $K$. Then $f(x)$ splits in $\bar{K}[x]$; that is, $f(x) = b(x - a_1) \cdots (x - a_n)$ with $b \in K$ and $a_i \in \bar{K}$. Let $L = K(a_1, \ldots, a_n)$. Then $L$ is a splitting field for $f(x)$ over $K$.


We next show that the splitting field over K of a given polynomial is unique up to 
K-isomorphism. 


Theorem 8.1.5. Let $K, K'$ be fields and $\phi : K \to K'$ an isomorphism. Let $f(x)$ be a nonconstant polynomial in $K[x]$ and $f'(x) = \phi(f(x))$ its image in $K'[x]$. Suppose that $L$ is a splitting field for $f(x)$ over $K$, and $L'$ is a splitting field for $f'(x)$ over $K'$.

(a) Suppose that $L' \subset L''$. Then, if $\psi : L \to L''$ is a monomorphism with $\psi|_K = \phi$, then $\psi$ is an isomorphism from $L$ onto $L'$. Moreover, $\psi$ maps the set of zeros of $f(x)$ in $L$ onto the set of zeros of $f'(x)$ in $L'$. The map $\psi$ is uniquely determined by its values at the zeros of $f(x)$.

(b) If $g(x)$ is an irreducible factor of $f(x)$ in $K[x]$, $a$ is a zero of $g(x)$ in $L$, and $a'$ is a zero of $g'(x) = \phi(g(x))$ in $L'$, then there is an isomorphism $\psi$ from $L$ to $L'$ with $\psi|_K = \phi$ and $\psi(a) = a'$.


https://doi.org/10.1515/9783111142524-008 


114    8 Splitting Fields and Normal Extensions


Before giving the proof of this theorem, we note that the following important result is a direct consequence of it:

Theorem 8.1.6. A splitting field for $f(x) \in K[x]$ is unique up to $K$-isomorphism.

Proof of Theorem 8.1.5. Suppose that $f(x) = b(x - a_1) \cdots (x - a_n) \in L[x]$ and suppose that $f'(x) = b'(x - a'_1) \cdots (x - a'_n) \in L'[x]$. Then
$$f'(x) = \phi(f(x)) = \psi(f(x)) = \psi(b)\,(x - \psi(a_1)) \cdots (x - \psi(a_n)).$$
We have proved that polynomials have unique factorization over fields. Since $L' \subset L''$, both factorizations take place in $L''[x]$, and it follows that the zeros $(\psi(a_1), \ldots, \psi(a_n))$ are a permutation of the zeros $(a'_1, \ldots, a'_n)$. In particular, this implies that $\psi(a_i) \in L'$; thus,
$$\mathrm{im}(\psi) = \psi(K(a_1, \ldots, a_n)) = K'(\psi(a_1), \ldots, \psi(a_n)) = K'(a'_1, \ldots, a'_n) = L'.$$
Since the image of $\psi$ is $K'(\psi(a_1), \ldots, \psi(a_n))$ and $\psi|_K = \phi$ is fixed, it is clear that $\psi$ is uniquely determined by the images $\psi(a_i)$. This proves part (a).

For part (b), embed $L'$ in an algebraic closure $L''$. Since $a$ and $a'$ are zeros of the irreducible polynomials $g(x)$ and $g'(x) = \phi(g(x))$, there is a monomorphism
$$\phi' : K(a) \to L''$$
with $\phi'|_K = \phi$ and $\phi'(a) = a'$. Since $L$ is algebraic over $K(a)$ and $L''$ is algebraically closed, $\phi'$ extends to a monomorphism $\psi : L \to L''$ with $\psi|_{K(a)} = \phi'$. Then from part (a), it follows that $\psi : L \to L'$ is an isomorphism.


Example 8.1.7. Let $f(x) = x^3 - 7 \in \mathbb{Q}[x]$. This has no zeros in $\mathbb{Q}$, and since it is of degree 3, it follows that it must be irreducible in $\mathbb{Q}[x]$.

Let $\omega = -\frac{1}{2} + \frac{\sqrt{3}}{2}\, i \in \mathbb{C}$. Then it is easy to show by computation that $\omega^2 = -\frac{1}{2} - \frac{\sqrt{3}}{2}\, i$ and $\omega^3 = 1$. Therefore, the three zeros of $f(x)$ in $\mathbb{C}$ are as follows:
$$a_1 = 7^{1/3}, \quad a_2 = 7^{1/3}\, \omega, \quad a_3 = 7^{1/3}\, \omega^2.$$
Hence, $L = \mathbb{Q}(a_1, a_2, a_3)$ is the splitting field of $f(x)$. Since the minimal polynomial of all three zeros over $\mathbb{Q}$ is the same $f(x)$, it follows that
$$\mathbb{Q}(a_1) \cong \mathbb{Q}(a_2) \cong \mathbb{Q}(a_3).$$
Since $\mathbb{Q}(a_1) \subset \mathbb{R}$ and $a_2, a_3$ are nonreal, it is clear that $a_2, a_3 \notin \mathbb{Q}(a_1)$. Suppose that $\mathbb{Q}(a_2) = \mathbb{Q}(a_3)$. Then $\omega = a_3 a_2^{-1} \in \mathbb{Q}(a_2)$, and so $7^{1/3} = \omega^{-1} a_2 \in \mathbb{Q}(a_2)$. Hence, $\mathbb{Q}(a_1) \subset \mathbb{Q}(a_2)$; therefore, $\mathbb{Q}(a_1) = \mathbb{Q}(a_2)$ since they have the same degree over $\mathbb{Q}$. This contradiction shows that $\mathbb{Q}(a_2)$ and $\mathbb{Q}(a_3)$ are distinct.

By computation, we have $a_3 = a_2^2 a_1^{-1}$; hence,
$$L = \mathbb{Q}(a_1, a_2, a_3) = \mathbb{Q}(a_1, a_2) = \mathbb{Q}(7^{1/3}, \omega).$$
Now the degree of $L$ over $\mathbb{Q}$ is
$$|L : \mathbb{Q}| = |\mathbb{Q}(7^{1/3}, \omega) : \mathbb{Q}(\omega)|\;|\mathbb{Q}(\omega) : \mathbb{Q}|.$$
Now $|\mathbb{Q}(\omega) : \mathbb{Q}| = 2$ since the minimal polynomial of $\omega$ over $\mathbb{Q}$ is $x^2 + x + 1$. Since no zero of $f(x)$ lies in $\mathbb{Q}(\omega)$, and the degree of $f(x)$ is 3, it follows that $f(x)$ is irreducible over $\mathbb{Q}(\omega)$. Therefore, we have that the degree of $L$ over $\mathbb{Q}(\omega)$ is 3. Hence, $|L : \mathbb{Q}| = (2)(3) = 6$.
We now have the following lattice diagram of fields and subfields:

                          L
           /          |          |          \
      Q(a_1)       Q(a_2)       Q(a_3)      Q(omega)
           \          |          |          /
                          Q

Here $|L : \mathbb{Q}(a_i)| = 2$ and $|\mathbb{Q}(a_i) : \mathbb{Q}| = 3$ for $i = 1, 2, 3$, while $|L : \mathbb{Q}(\omega)| = 3$ and $|\mathbb{Q}(\omega) : \mathbb{Q}| = 2$.

We do not know, however, whether there are any more intermediate fields. There could, for example, be infinitely many. However, as we will see when we do the Galois theory, there are no others.


8.2 Normal Extensions 


We now consider algebraic field extensions L of K, which have the property that if f(x) € 
K [x] has a zero in L, then f(x) must split in L. In particular, we show that if L is a splitting 
field of finite degree for some g(x) € K[x], then L has this property. 


Definition 8.2.1. A field extension L of a field K is a normal extension if the following 

hold: 

(a) L|K is algebraic. 

(b) Each irreducible polynomial f(x) € K [x] that has a zero in L splits into linear factors 
in L[x]. 


Note, in Example 8.1.7, the extension fields $\mathbb{Q}(a_i)|\mathbb{Q}$ are not normal extensions. Although $f(x)$ has a zero in $\mathbb{Q}(a_i)$, the polynomial $f(x)$ does not split into linear factors in $\mathbb{Q}(a_i)[x]$.




We now show that L|K is a finite normal extension if and only if L is the splitting 
field for some f(x) € K[x]. 


Theorem 8.2.2. Let $L|K$ be a finite extension. Then the following are equivalent:

(a) $L|K$ is a normal extension.

(b) $L$ is a splitting field for some $f(x) \in K[x]$.

(c) If $L \subset L'$ and $\psi : L \to L'$ is a monomorphism with $\psi|_K$ the identity map on $K$, then $\psi$ is an automorphism of $L$; that is, $\psi(L) = L$.


Proof. Suppose that $L|K$ is a finite normal extension. Since $L|K$ is a finite extension, $L$ is algebraic over $K$, and since it is of finite degree, we have $L = K(a_1, \ldots, a_n)$ with $a_i$ algebraic over $K$.

Let $f_i(x) \in K[x]$ be the minimal polynomial of $a_i$. Since $L|K$ is a normal extension, $f_i(x)$ splits in $L[x]$. This is true for each $i = 1, \ldots, n$. Let $f(x) = f_1(x) f_2(x) \cdots f_n(x)$. Then $f(x)$ splits into linear factors in $L[x]$. Since $L = K(a_1, \ldots, a_n)$ and the $a_i$ are among the zeros of $f(x)$, the polynomial $f(x)$ cannot have all its zeros in any proper intermediate field between $K$ and $L$. Therefore, $L$ is a splitting field for $f(x)$. Hence, (a) implies (b).

Now suppose that $L$ is a splitting field for $f(x) \in K[x]$, that $L \subset L'$, and that $\psi : L \to L'$ is a monomorphism with $\psi|_K$ the identity map on $K$. Then the extension field $\psi(L)$ of $K$ is also a splitting field for $f(x)$, since $\psi|_K$ is the identity. Hence, $\psi$ maps the zeros of $f(x)$ in $L \subset L'$ onto the zeros of $f(x)$ in $\psi(L) \subset L'$; by unique factorization in $L'[x]$ these are the same set of zeros, and thus it follows that $\psi(L) = L$. Hence, (b) implies (c).

Finally, suppose (c). Hence, we assume that if $L \subset L'$ and $\psi : L \to L'$ is a monomorphism with $\psi|_K$ the identity map on $K$, then $\psi$ is an automorphism of $L$; that is, $\psi(L) = L$.

As before, $L|K$ is algebraic since $L|K$ is finite. Suppose that $f(x) \in K[x]$ is irreducible and that $a \in L$ is a zero of $f(x)$. There are algebraic elements $a_1, \ldots, a_n \in L$ with $L = K(a_1, \ldots, a_n)$ since $L|K$ is finite. For $i = 1, \ldots, n$, let $f_i(x) \in K[x]$ be the minimal polynomial of $a_i$, and let $g(x) = f(x) f_1(x) \cdots f_n(x)$. Let $L'$ be a splitting field of $g(x)$ over $L$; since $L$ is generated over $K$ by zeros of $g(x)$, $L'$ is also a splitting field of $g(x)$ over $K$, and clearly $L \subset L'$. Let $b \in L'$ be a zero of $f(x)$. From Theorem 8.1.5, there is an automorphism $\psi$ of $L'$ with $\psi(a) = b$ and $\psi|_K$ the identity on $K$. Hence, by our assumption, $\psi|_L$ is an automorphism of $L$. It follows that $b = \psi(a) \in L$; hence, $f(x)$ splits in $L[x]$. Therefore, (c) implies (a), completing the proof.


To give simple examples of normal extensions, we have the following: 
Lemma 8.2.3. If $L$ is an extension of $K$ with $|L : K| = 2$, then $L$ is a normal extension of $K$.

Proof. Suppose that $|L : K| = 2$. Then $L|K$ is algebraic since it is finite.

Let $f(x) \in K[x]$ be irreducible with leading coefficient 1, and which has a zero in $L$. Let $a$ be one zero. Then $f(x)$ must be the minimal polynomial $m_a(x)$ of $a$. However, $\deg(m_a(x)) = |K(a) : K| \le |L : K| = 2$; hence, $f(x)$ is of degree 1 or 2. Since $f(x)$ has a zero in $L$, dividing by the corresponding linear factor shows that it must split into linear factors in $L[x]$; therefore, $L$ is a normal extension.


Later, we will tie this result to group theory when we prove that a subgroup of in- 
dex 2 must be a normal subgroup. 
Example 8.2.4. As a first example of the lemma, consider the polynomial $f(x) = x^2 - 2$. In $\mathbb{R}$, this splits as $(x - \sqrt{2})(x + \sqrt{2})$; hence, the field $\mathbb{Q}(\sqrt{2})$ is the splitting field of $f(x) = x^2 - 2$ over $\mathbb{Q}$. Therefore, $\mathbb{Q}(\sqrt{2})$ is a normal extension of $\mathbb{Q}$.


Example 8.2.5. As a second example, consider the polynomial $x^4 - 2$ in $\mathbb{Q}[x]$. The zeros in $\mathbb{C}$ are
$$2^{1/4}, \quad 2^{1/4}\, i, \quad 2^{1/4}\, i^2 = -2^{1/4}, \quad 2^{1/4}\, i^3 = -2^{1/4}\, i.$$
Hence,
$$L = \mathbb{Q}(2^{1/4}, 2^{1/4} i, 2^{1/4} i^2, 2^{1/4} i^3)$$
is the splitting field of $x^4 - 2$ over $\mathbb{Q}$.
Now
$$L = \mathbb{Q}(2^{1/4}, 2^{1/4} i, 2^{1/4} i^2, 2^{1/4} i^3) = \mathbb{Q}(2^{1/4}, i).$$
Therefore, we have
$$|L : \mathbb{Q}| = |L : \mathbb{Q}(2^{1/4})|\;|\mathbb{Q}(2^{1/4}) : \mathbb{Q}|.$$
Since $x^4 - 2$ is irreducible over $\mathbb{Q}$ (Eisenstein's criterion with $p = 2$), we have $|\mathbb{Q}(2^{1/4}) : \mathbb{Q}| = 4$. Since $i$ has degree 2 over any real field, we have $|L : \mathbb{Q}(2^{1/4})| = 2$, so $|L : \mathbb{Q}| = 8$. Therefore, by Lemma 8.2.3, $L$ is a normal extension of $\mathbb{Q}(2^{1/4})$, and $x^2 - \sqrt{2} \in \mathbb{Q}(\sqrt{2})[x]$ has the splitting field $\mathbb{Q}(2^{1/4})$.

Altogether, we have that $L|\mathbb{Q}(2^{1/4})$, $\mathbb{Q}(2^{1/4})|\mathbb{Q}(\sqrt{2})$, $\mathbb{Q}(\sqrt{2})|\mathbb{Q}$, and $L|\mathbb{Q}$ are normal extensions. However, $\mathbb{Q}(2^{1/4})|\mathbb{Q}$ is not normal since $2^{1/4}$ is a zero of $x^4 - 2$, but $\mathbb{Q}(2^{1/4})$ does not contain all the zeros of $x^4 - 2$.

Hence, we get the following Figure 8.1. 


           L
           |  normal
       Q(2^{1/4})          Q(2^{1/4}) | Q : not normal        L | Q : normal
           |  normal
       Q(sqrt 2)
           |  normal
           Q

Figure 8.1: Normal extensions. Each single step is normal, but the composite $\mathbb{Q}(2^{1/4})|\mathbb{Q}$ is not, while the full tower $L|\mathbb{Q}$ is.
8.3 Exercises

1. Determine the splitting field of $f(x) \in \mathbb{Q}[x]$ and its degree over $\mathbb{Q}$ in the following cases:

(a) $f(x) = x^4 - p$, where $p$ is a prime.

(b) $f(x) = x^p - 2$, where $p$ is a prime.

2. Determine the degree of the splitting field of the polynomial $x^4 + 4$ over $\mathbb{Q}$. Determine the splitting field of $x^6 + 4x^4 + 4x^2 + 3$ over $\mathbb{Q}$.

3. For each $a \in \mathbb{Z}$, let $f_a(x) = x^3 - a x^2 + (a - 3) x + 1 \in \mathbb{Q}[x]$ be given. Show:

(a) $f_a$ is irreducible over $\mathbb{Q}$ for each $a \in \mathbb{Z}$.

(b) If $b \in \mathbb{R}$ is a zero of $f_a$, then also $(1 - b)^{-1}$ and $(b - 1)\, b^{-1}$ are zeros of $f_a$.

(c) Determine the splitting field $L$ of $f_a(x)$ over $\mathbb{Q}$ and its degree $|L : \mathbb{Q}|$.

4. Let $K$ be a field and $f(x) \in K[x]$ a polynomial of degree $n$. Let $L$ be a splitting field of $f(x)$. Show the following:

(a) If $a_1, \ldots, a_n \in L$ are the zeros of $f$, then $|K(a_1, \ldots, a_t) : K| \le n(n-1) \cdots (n-t+1)$ for each $t$ with $1 \le t \le n$.

(b) $L$ over $K$ is of degree at most $n!$.

(c) If $f(x)$ is irreducible over $K$, then $n$ divides $|L : K|$.


9 Groups, Subgroups and Examples 


9.1 Groups, Subgroups and Isomorphisms 


Recall from Chapter 1 that the three most commonly studied algebraic structures are 
groups, rings and fields. We have now looked rather extensively at rings and fields. In 
this chapter, we consider the basic concepts of group theory. Groups arise in many differ- 
ent areas of mathematics. For example they arise in geometry as groups of congruence 
motions, and in topology as groups of various types of continuous functions. Later in 
this book, they will appear in Galois theory as groups of automorphisms of fields. First, 
we recall the definition of a group given previously in Chapter 1. 


Definition 9.1.1. A group $G$ is a set with one binary operation, which we will denote by multiplication, such that

(1) The operation is associative; that is, $(g_1 g_2) g_3 = g_1 (g_2 g_3)$ for all $g_1, g_2, g_3 \in G$.

(2) There exists an identity for this operation; that is, an element $1$ such that $1g = g$ and $g1 = g$ for each $g \in G$.

(3) Each $g \in G$ has an inverse for this operation; that is, for each $g$, there exists a $g^{-1}$ with the property that $g g^{-1} = 1$ and $g^{-1} g = 1$.

If, in addition, the operation is commutative; that is, $g_1 g_2 = g_2 g_1$ for all $g_1, g_2 \in G$, the group $G$ is called an Abelian group.

The order of $G$, denoted $|G|$, is the number of elements in the group $G$. If $|G| < \infty$, $G$ is a finite group; otherwise, it is an infinite group.


It follows easily from the definition that the identity is unique, and that each element 
has a unique inverse. 


Lemma 9.1.2. If $G$ is a group, then there is a unique identity. Furthermore, if $g \in G$, its inverse is unique. Finally, if $g_1, g_2 \in G$, then $(g_1 g_2)^{-1} = g_2^{-1} g_1^{-1}$.

Proof. Suppose that $1$ and $e$ are both identities for $G$. Then $1e = e$ since $1$ is an identity, and $1e = 1$ since $e$ is an identity. Therefore, $1 = e$, and there is only one identity.
Next suppose that $g \in G$, and $g_1$ and $g_2$ are inverses for $g$. Then
$$g_1 g g_2 = (g_1 g) g_2 = 1 g_2 = g_2$$
since $g_1 g = 1$. On the other hand,
$$g_1 g g_2 = g_1 (g g_2) = g_1 1 = g_1$$
since $g g_2 = 1$. It follows that $g_1 = g_2$, and $g$ has a unique inverse.
Finally, consider
$$(g_1 g_2)(g_2^{-1} g_1^{-1}) = g_1 (g_2 g_2^{-1}) g_1^{-1} = g_1 1 g_1^{-1} = g_1 g_1^{-1} = 1.$$
Therefore, $g_2^{-1} g_1^{-1}$ is an inverse for $g_1 g_2$, and since inverses are unique, it is the inverse of the product.


Groups most often arise as permutations on a set. We will see this, as well as other 
specific examples of groups, in the next sections. 

Finite groups can be completely described by their group tables or multiplication tables. These are sometimes called Cayley tables. In general, let $G = \{g_1, \ldots, g_n\}$ be a group; then the multiplication table of $G$ is

           g_1    g_2    ...    g_j    ...    g_n
    g_1
    g_2
    ...
    g_i                         g_i g_j
    ...
    g_n

The entry in the row of $g_i \in G$ and column of $g_j \in G$ is the product (in that order) $g_i g_j$ in $G$.

Groups satisfy the cancellation law for multiplication.


Lemma 9.1.3. If $G$ is a group and $a, b, c \in G$ with $ab = ac$ or $ba = ca$, then $b = c$.

Proof. Suppose that $ab = ac$. Then $a$ has an inverse $a^{-1}$, so we have
$$a^{-1}(ab) = a^{-1}(ac).$$
From the associativity of the group operation, we then have
$$(a^{-1} a) b = (a^{-1} a) c \implies 1 \cdot b = 1 \cdot c \implies b = c.$$
The case $ba = ca$ is handled in the same way by multiplying with $a^{-1}$ from the right.


A consequence of Lemma 9.1.3 is that each row and each column in a group table is 
just a permutation of the group elements. That is, each group element appears exactly 
once in each row and each column. 

A subset $H \subset G$ is a subgroup of $G$ if $H$ is also a group under the same operation as $G$. As for rings and fields, a subset of a group is a subgroup if it is nonempty and closed under both the group operation and inverses.

Lemma 9.1.4. 1. A subset $H \subset G$ is a subgroup if $H \neq \emptyset$, and $H$ is closed under the operation and inverses. That is, if $a, b \in H$, then $ab \in H$, and $a^{-1}, b^{-1} \in H$.

2. A nonempty subset $H$ of a group $G$ is a subgroup if and only if $ab^{-1} \in H$ for all $a, b \in H$. In addition, if $G$ is finite, then a nonempty subset $H$ is a subgroup if and only if $ab \in H$ for all $a, b \in H$.


We leave the proof of this to the exercises. 
Let $G$ be a group and $g \in G$; we denote by $g^n$, $n \in \mathbb{N}$, as with numbers, the product of $g$ taken $n$ times. A negative exponent will indicate the inverse of the positive exponent, $g^{-n} = (g^n)^{-1}$. As usual, let $g^0 = 1$. Clearly, group exponentiation will satisfy the standard laws of exponents. Now consider the set
$$H = \{1 = g^0, g, g^{-1}, g^2, g^{-2}, \ldots\}$$
of all powers of $g$. We will denote this by $\langle g \rangle$.

Lemma 9.1.5. If $G$ is a group and $g \in G$, then $\langle g \rangle$ forms a subgroup of $G$ called the cyclic subgroup generated by $g$. $\langle g \rangle$ is Abelian, even if $G$ is not.

Proof. If $g \in G$, then $g \in \langle g \rangle$; hence, $\langle g \rangle$ is nonempty. Suppose then that $a = g^n$, $b = g^m$ are elements of $\langle g \rangle$. Then $ab = g^n g^m = g^{n+m} \in \langle g \rangle$, so $\langle g \rangle$ is closed under the group operation. Furthermore, $a^{-1} = (g^n)^{-1} = g^{-n} \in \langle g \rangle$, so $\langle g \rangle$ is closed under inverses. Therefore, $\langle g \rangle$ is a subgroup.
Finally, $ab = g^n g^m = g^{n+m} = g^{m+n} = g^m g^n = ba$; hence, $\langle g \rangle$ is Abelian.

Suppose that $g \in G$ and $g^m = 1$ for some positive integer $m$. Then let $n$ be the smallest positive integer such that $g^n = 1$. It follows that the elements $1, g, g^2, \ldots, g^{n-1}$ are all distinct, but for any other power $g^t$, we have $g^t = g^k$ for some $k = 0, 1, \ldots, n-1$ (see exercises). The cyclic subgroup generated by $g$ then has order $n$, and we say that $g$ has order $n$, which we denote by $o(g) = n$. If no such $n$ exists, we say that $g$ has infinite order. We will look more deeply at cyclic groups and subgroups in Section 9.5.

We introduce one more concept before looking at examples. 


Definition 9.1.6. If $G$ and $H$ are groups, then a mapping $f : G \to H$ is a (group) homomorphism if $f(g_1 g_2) = f(g_1) f(g_2)$ for any $g_1, g_2 \in G$. If $f$ is also a bijection, then it is an isomorphism.


As with rings and fields, we say that two groups $G$ and $H$ are isomorphic, denoted by $G \cong H$, if there exists an isomorphism $f : G \to H$. This means that, abstractly, $G$ and $H$ have exactly the same algebraic structure.


9.2 Examples of Groups 


As already mentioned, groups arise in many diverse areas of mathematics. In this sec- 
tion and the next, we present specific examples of groups. 

First of all, any ring or field under addition forms an Abelian group. Hence, for example, $(\mathbb{Z}, +)$, $(\mathbb{Q}, +)$, $(\mathbb{R}, +)$, $(\mathbb{C}, +)$, where $\mathbb{Z}, \mathbb{Q}, \mathbb{R}, \mathbb{C}$ are respectively the integers, the rationals, the reals, and the complex numbers, all are infinite Abelian groups. If $\mathbb{Z}_n$ is the modular ring $\mathbb{Z}/n\mathbb{Z}$, then for any natural number $n$, $(\mathbb{Z}_n, +)$ forms a finite Abelian group. In Abelian groups, the group operation is often denoted by $+$ and the identity element by $0$ (zero).
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In a field K, the nonzero elements are all invertible and form a group under mul- 
tiplication. This is called the multiplicative group of the field K and is usually denoted 
by K*. Since multiplication in a field is commutative, the multiplicative group of a field 
is an Abelian group. Hence, Q*, R*, C* are all infinite Abelian groups, whereas if p is 
a prime, Zy forms a finite Abelian group. Recall that if p is a prime, then the modular 
ring Z, isa field. 

Within $\mathbb{Q}^*, \mathbb{R}^*, \mathbb{C}^*$, there are certain multiplicative subgroups. Since the positive rationals $\mathbb{Q}_+$ and the positive reals $\mathbb{R}_+$ are closed under multiplication and inverse, they form subgroups of $\mathbb{Q}^*$ and $\mathbb{R}^*$, respectively. In $\mathbb{C}^*$, if we consider the set of all complex numbers $z$ with $|z| = 1$, these form a multiplicative subgroup. Further, within this subgroup, if we consider the set of $n$-th roots of unity $z$ (that is, $z^n = 1$) for a fixed $n$, this forms a subgroup, this time of finite order.

The multiplicative group of a field is a special case of the unit group of a ring. If $R$ is a ring with identity, recall that a unit is an element of $R$ with a multiplicative inverse. Hence, in $\mathbb{Z}$, the only units are $\pm 1$, whereas in any field every nonzero element is a unit.


Lemma 9.2.1. If $R$ is a ring with identity, then the set of units in $R$ forms a group under multiplication called the unit group of $R$, and is denoted by $U(R)$. If $R$ is a field, then $U(R) = R^*$.

Proof. Let $R$ be a ring with identity. Then the identity $1$ itself is a unit, so $1 \in U(R)$; hence, $U(R)$ is nonempty. If $e \in R$ is a unit, then it has a multiplicative inverse $e^{-1}$. Clearly, the multiplicative inverse has an inverse, namely $e$, so $e^{-1} \in U(R)$ if $e$ is. Hence, to show $U(R)$ is a group, we must show that it is closed under product.

Let $e_1, e_2 \in U(R)$. Then there exist $e_1^{-1}, e_2^{-1}$, and $e_2^{-1} e_1^{-1}$ is an inverse for $e_1 e_2$, since $(e_1 e_2)(e_2^{-1} e_1^{-1}) = e_1 (e_2 e_2^{-1}) e_1^{-1} = 1$ and likewise $(e_2^{-1} e_1^{-1})(e_1 e_2) = 1$ (note the reversed order, which matters when $R$ is not commutative). Hence, $e_1 e_2$ is also a unit, and $U(R)$ is closed under product. Associativity is inherited from $R$. Therefore, for any ring $R$ with identity, $U(R)$ forms a multiplicative group.


To present examples of non-Abelian groups, we turn to matrices. If $K$ is a field, we let
$$GL(n, K) = \{ n \times n \text{ matrices over } K \text{ with nonzero determinant} \}$$
and
$$SL(n, K) = \{ n \times n \text{ matrices over } K \text{ with determinant one} \}.$$

Lemma 9.2.2. If $K$ is a field, then for $n \geq 2$, $GL(n, K)$ forms a non-Abelian group under matrix multiplication, and $SL(n, K)$ forms a subgroup.

$GL(n, K)$ is called the $n$-dimensional general linear group over $K$, whereas $SL(n, K)$ is called the $n$-dimensional special linear group over $K$.

Proof. Recall that for two $n \times n$ matrices $A$ and $B$ with $n \geq 2$ over a field, we have $\det(AB) = \det(A)\det(B)$, where $\det$ is the determinant.

Now for any field, the $n \times n$ identity matrix $I$ has determinant $1$; hence, $I \in GL(n, K)$. Since the determinant is multiplicative, the product of two matrices with nonzero determinant has nonzero determinant, so $GL(n, K)$ is closed under product. Furthermore, over a field $K$, if $A$ is an invertible matrix, then $\det(A^{-1}) = 1/\det(A)$.

Therefore, if $A$ has nonzero determinant, so does its inverse. It follows that $GL(n, K)$ contains the inverse of each of its elements. Since matrix multiplication is associative, it follows that $GL(n, K)$ forms a group. It is non-Abelian since in general matrix multiplication is noncommutative (for $n \geq 2$ one can exhibit two invertible matrices that do not commute). $SL(n, K)$ forms a subgroup of $GL(n, K)$ because $\det(AB) = \det(A)\det(B) = 1$ and $\det(A^{-1}) = 1$ whenever $\det(A) = \det(B) = 1$.


Groups play an important role in geometry. In any metric geometry, an isometry is a mapping that preserves distance. To understand a geometry, one must understand the group of isometries. We look briefly at the Euclidean geometry of the plane $\mathbb{E}^2$.

An isometry or congruence motion of $\mathbb{E}^2$ is a transformation or bijection $T$ of $\mathbb{E}^2$ that preserves distance; that is, $d(a, b) = d(T(a), T(b))$ for all points $a, b \in \mathbb{E}^2$.

Theorem 9.2.3. The set of congruence motions of $\mathbb{E}^2$ forms a group called the Euclidean group. We denote the Euclidean group by $\mathcal{E}$.


Proof. The identity map $I$ is clearly an isometry, and since composition of mappings is associative, we need only show that the product of isometries is an isometry, and that the inverse of an isometry is an isometry.

Let $T, U$ be isometries. Then $d(a, b) = d(T(a), T(b))$ and $d(a, b) = d(U(a), U(b))$ for any points $a, b$. Now consider
$$d(TU(a), TU(b)) = d(T(U(a)), T(U(b))) = d(U(a), U(b))$$
since $T$ is an isometry. However,
$$d(U(a), U(b)) = d(a, b)$$
since $U$ is an isometry. Combining these, we have that $TU$ is also an isometry.

Consider $T^{-1}$ and points $a, b$. Then
$$d(T^{-1}(a), T^{-1}(b)) = d(TT^{-1}(a), TT^{-1}(b))$$
since $T$ is an isometry. But $TT^{-1} = I$; hence,
$$d(T^{-1}(a), T^{-1}(b)) = d(TT^{-1}(a), TT^{-1}(b)) = d(a, b).$$
Therefore, $T^{-1}$ is also an isometry; hence, $\mathcal{E}$ is a group.


One of the major results concerning $\mathcal{E}$ is the following. We refer to [41], [42], [27], and [35] for a more thorough treatment.

Theorem 9.2.4. If $T \in \mathcal{E}$, then $T$ is either a translation, rotation, reflection, or glide reflection. The set of translations and rotations forms a subgroup.

Proof. We outline a brief proof. If $T$ is an isometry and $T$ fixes the origin $(0, 0)$, then $T$ is a linear mapping. It follows that $T$ is a rotation or a reflection. If $T$ does not fix the origin, then there is a translation $T_0$ such that $T_0 T$ fixes the origin. This gives translations and glide reflections. In the exercises, we expand out more of the proof.


If $D$ is a geometric figure in $\mathbb{E}^2$, such as a triangle or square, then a symmetry of $D$ is a congruence motion $T : \mathbb{E}^2 \to \mathbb{E}^2$ that leaves $D$ in place. However, it may move the individual elements of $D$. For example, a rotation about the center of a circle is a symmetry of the circle.

Lemma 9.2.5. If $D$ is a geometric figure in $\mathbb{E}^2$, then the set of symmetries of $D$ forms a subgroup of $\mathcal{E}$ called the symmetry group of $D$, denoted by $\mathrm{Sym}(D)$.

Proof. We show that $\mathrm{Sym}(D)$ is a subgroup of $\mathcal{E}$. The identity map $I$ fixes $D$, that is, $I \in \mathrm{Sym}(D)$, and thus $\mathrm{Sym}(D)$ is nonempty. Let $T, U \in \mathrm{Sym}(D)$. Then $T$ maps $D$ to $D$, and so does $U$. It follows directly that so does the composition $TU$; hence, $TU \in \mathrm{Sym}(D)$. If $T$ maps $D$ to $D$, then certainly the inverse does.


Example 9.2.6. Let $T$ be an equilateral triangle. Then there are exactly six symmetries of $T$ (see exercises). These are as follows:

- $1$ is the identity,
- $r$ is a rotation of $120^\circ$ around the center of $T$,
- $r^2$ is a rotation of $240^\circ$ around the center of $T$,
- $f$ is a reflection over the perpendicular bisector of one of the sides,
- $fr$ is the composition of $f$ and $r$, and
- $fr^2$ is the composition of $f$ and $r^2$.

The group $\mathrm{Sym}(T)$ is called the dihedral group $D_3$. In the next section, we will see that it is isomorphic to $S_3$, the symmetric group on 3 symbols.


9.3 Permutation Groups 


Groups most often appear as groups of transformations or permutations on a set. In this 
section, we will take a short look at permutation groups, and then examine them more 
deeply in Chapter 11. We recall some ideas, first introduced in Chapter 7, in relation to 
the proof of the fundamental theorem of algebra. 


Definition 9.3.1. If $A$ is a set, a permutation on $A$ is a one-to-one mapping of $A$ onto itself. We denote the set of all permutations on $A$ by $S_A$.

Theorem 9.3.2. For any set $A$, $S_A$ forms a group under composition, called the symmetric group on $A$. If $|A| > 2$, then $S_A$ is non-Abelian. Furthermore, if $A, B$ have the same cardinality, then $S_A \cong S_B$.


Proof. If $S_A$ is the set of all permutations on the set $A$, we must show that composition is an operation on $S_A$ that is associative, and has an identity and inverses. Let $f, g \in S_A$. Then $f, g$ are one-to-one mappings of $A$ onto itself.

Consider $f \circ g : A \to A$. If $f \circ g(a_1) = f \circ g(a_2)$, then $f(g(a_1)) = f(g(a_2))$, and $g(a_1) = g(a_2)$, since $f$ is one-to-one. But then $a_1 = a_2$, since $g$ is one-to-one.

If $a \in A$, there exists $a_1 \in A$ with $f(a_1) = a$ since $f$ is onto. Then there exists $a_2 \in A$ with $g(a_2) = a_1$ since $g$ is onto. Putting these together, $f(g(a_2)) = a$; therefore, $f \circ g$ is onto. Therefore, $f \circ g$ is also a permutation, and composition gives a valid binary operation on $S_A$.

The identity function $1(a) = a$ for all $a \in A$ will serve as the identity for $S_A$, whereas the inverse function for each permutation will be the inverse. Such unique inverse functions exist since each permutation is a bijection.

Finally, composition of functions is always associative; therefore, $S_A$ forms a group.

Suppose that $|A| > 2$. Then $A$ has at least 3 elements. Call them $a_1, a_2, a_3$. Consider the two permutations $f$ and $g$, which fix (leave unchanged) all of $A$ except $a_1, a_2, a_3$, and on these three elements:
$$f(a_1) = a_2, \quad f(a_2) = a_3, \quad f(a_3) = a_1,$$
$$g(a_1) = a_2, \quad g(a_2) = a_1, \quad g(a_3) = a_3.$$
Then under composition
$$f(g(a_1)) = a_3, \quad f(g(a_2)) = a_2, \quad f(g(a_3)) = a_1,$$
whereas
$$g(f(a_1)) = a_1, \quad g(f(a_2)) = a_3, \quad g(f(a_3)) = a_2.$$
Therefore, $f \circ g \neq g \circ f$; hence, $S_A$ is not Abelian.

If $A, B$ have the same cardinality, then there exists a bijection $\alpha : A \to B$. Define a map $F : S_A \to S_B$ in the following manner: if $f \in S_A$, let $F(f)$ be the permutation on $B$ given by $F(f)(b) = \alpha(f(\alpha^{-1}(b)))$. It is straightforward to verify that $F$ is an isomorphism (see the exercises).


If $A_1 \subset A$, then those permutations on $A$ that map $A_1$ onto $A_1$ form a subgroup of $S_A$ called the stabilizer of $A_1$, denoted as $\mathrm{stab}(A_1)$. We leave the proof to the exercises.

Lemma 9.3.3. If $A_1 \subset A$, then $\mathrm{stab}(A_1) = \{ f \in S_A : f(A_1) = A_1 \}$ forms a subgroup of $S_A$.


A permutation group is any subgroup of $S_A$ for some set $A$. We now look at finite permutation groups. Let $A$ be a finite set, say $A = \{a_1, a_2, \ldots, a_n\}$. Then each $f \in S_A$ can be pictured as
$$f = \begin{pmatrix} a_1 & a_2 & \cdots & a_n \\ f(a_1) & f(a_2) & \cdots & f(a_n) \end{pmatrix}.$$
For $a_1$, there are $n$ choices for $f(a_1)$. For $a_2$, there are only $n - 1$ choices since $f$ is one-to-one. This continues down to only one choice for $a_n$. Using the multiplication principle, the number of choices for $f$, and therefore the size of $S_A$, is
$$n(n-1) \cdots 1 = n!.$$
We have thus proved the following theorem.

Theorem 9.3.4. If $|A| = n$, then $|S_A| = n!$.

For a set $A$ with $n$ elements, we denote $S_A$ by $S_n$, called the symmetric group on $n$ symbols.


Example 9.3.5. Write down the six elements of $S_3$ and give the multiplication table for the group.

Name the three elements $1, 2, 3$. The six elements of $S_3$ are then as follows:
$$1 = \begin{pmatrix} 1 & 2 & 3 \\ 1 & 2 & 3 \end{pmatrix}, \quad a = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 3 & 1 \end{pmatrix}, \quad b = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 1 & 2 \end{pmatrix},$$
$$c = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix}, \quad d = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 2 & 1 \end{pmatrix}, \quad e = \begin{pmatrix} 1 & 2 & 3 \\ 1 & 3 & 2 \end{pmatrix}.$$

The multiplication table for $S_3$ can be written down directly by doing the required composition (the product $ac$ means: apply $c$ first, then $a$). For example,
$$ac = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 3 & 1 \end{pmatrix} \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix} = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 2 & 1 \end{pmatrix} = d.$$
To see this, note that $a : 1 \mapsto 2,\ 2 \mapsto 3,\ 3 \mapsto 1$; $c : 1 \mapsto 2,\ 2 \mapsto 1,\ 3 \mapsto 3$; and so $ac : 1 \mapsto 3,\ 2 \mapsto 2,\ 3 \mapsto 1$.

It is somewhat easier to construct the multiplication table if we make some observations. First, $a^2 = b$ and $a^3 = 1$. Next, $c^2 = 1$, $d = ac$, $e = a^2 c$ and, finally, $ac = ca^2$.

From these relations, the following multiplication table can be constructed (the entry in row $x$ and column $y$ is the product $xy$):

           1       a       a^2     c       ac      a^2c
   1       1       a       a^2     c       ac      a^2c
   a       a       a^2     1       ac      a^2c    c
   a^2     a^2     1       a       a^2c    c       ac
   c       c       a^2c    ac      1       a^2     a
   ac      ac      c       a^2c    a       1       a^2
   a^2c    a^2c    ac      c       a^2     a       1

To see this, consider, for example, $(ac)a^2 = a(ca^2) = a(ac) = a^2 c$.

More generally, we can say that $S_3$ has a presentation given by
$$S_3 = \langle a, c \;;\; a^3 = c^2 = 1,\ ac = ca^2 \rangle.$$
By this, we mean that $S_3$ is generated by $a, c$, or that $S_3$ has generators $a, c$, and the whole group and its multiplication table can be generated by using the relations $a^3 = c^2 = 1$, $ac = ca^2$.


A theorem of Cayley actually shows that every group is a permutation group: a group $G$ is a permutation group on the group $G$ itself considered as a set. This result, however, does not give much information about the group.

Theorem 9.3.6 (Cayley's theorem). Let $G$ be a group. Consider the set of elements of $G$. Then the group $G$ is a permutation group on the set $G$; that is, $G$ is isomorphic to a subgroup of $S_G$.

Proof. We show that to each $g \in G$, we can associate a permutation of the set $G$. If $g \in G$, let $\pi_g$ be the map given by
$$\pi_g : g_1 \mapsto g g_1 \quad \text{for each } g_1 \in G.$$
It is straightforward to show that each $\pi_g$ is a permutation on $G$ (its inverse is $\pi_{g^{-1}}$). Moreover, $\pi_{gh}(g_1) = gh g_1 = \pi_g(\pi_h(g_1))$, so $\pi_{gh} = \pi_g \circ \pi_h$ and $g \mapsto \pi_g$ is a homomorphism $G \to S_G$; it is one-to-one since $\pi_g(1) = g$. Its image is therefore a subgroup of $S_G$ isomorphic to $G$.
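The composition rule of Example 9.3.5 and the map $g \mapsto \pi_g$ of Cayley's theorem, carried out in code. This is an added example and not part of the original text: permutations of $\{1, \ldots, n\}$ are stored as tuples of images, products are read right to left exactly as in the text ($ac$ applies $c$ first), the six elements of $S_3$ are entered by name from Example 9.3.5, and Cayley's embedding is realised by numbering the group elements $1, \ldots, |G|$ in list order (a labelling chosen here, not fixed by the text).

```python
"""Permutations as tuples, S_3 by name, and Cayley's embedding.

Added example (not from the text).  A permutation of {1, ..., n} is
stored as a tuple p with p[i-1] = image of i.  Composition follows the
text's convention: (f o g)(x) = f(g(x)), i.e. "ac" means apply c first.
"""
from itertools import permutations
from math import factorial


def compose(f, g):
    """(f o g)(x) = f(g(x)); both are tuples of the same length."""
    return tuple(f[g[i] - 1] for i in range(len(g)))


def identity(n):
    return tuple(range(1, n + 1))


def inverse(f):
    """The inverse permutation: send f(i) back to i."""
    inv = [0] * len(f)
    for i, fi in enumerate(f, start=1):
        inv[fi - 1] = i
    return tuple(inv)


def power(f, k):
    """f^k for k >= 0 by repeated composition."""
    result = identity(len(f))
    for _ in range(k):
        result = compose(f, result)
    return result


def symmetric_group(n):
    """All n! permutations of {1, ..., n} (Theorem 9.3.4)."""
    return [tuple(p) for p in permutations(range(1, n + 1))]


# The six elements of S_3 named as in Example 9.3.5 (bottom row of the
# two-row notation).
S3 = {
    "1": (1, 2, 3), "a": (2, 3, 1), "b": (3, 1, 2),
    "c": (2, 1, 3), "d": (3, 2, 1), "e": (1, 3, 2),
}
NAME = {v: k for k, v in S3.items()}


def s3_relations():
    """Check a^2 = b, a^3 = 1, c^2 = 1, d = ac, e = a^2 c, ac = c a^2,
    and record whether a and c commute (they do not)."""
    a, c = S3["a"], S3["c"]
    a2 = power(a, 2)
    return {
        "a^2=b": a2 == S3["b"],
        "a^3=1": power(a, 3) == S3["1"],
        "c^2=1": power(c, 2) == S3["1"],
        "d=ac": compose(a, c) == S3["d"],
        "e=a^2c": compose(a2, c) == S3["e"],
        "ac=ca^2": compose(a, c) == compose(c, a2),
        "abelian": compose(a, c) == compose(c, a),
    }


def multiplication_table(group):
    """Dict mapping (x, y) -> x o y over the given elements."""
    return {(x, y): compose(x, y) for x in group for y in group}


def cayley_embedding(group):
    """Cayley's theorem: g -> pi_g with pi_g(x) = g x, written as a
    permutation of the group's own elements (numbered 1..|G| in list order)."""
    index = {g: i + 1 for i, g in enumerate(group)}
    return {g: tuple(index[compose(g, x)] for x in group) for g in group}


def cayley_is_faithful_homomorphism(group):
    """pi_{gh} = pi_g o pi_h, and g -> pi_g is injective."""
    pi = cayley_embedding(group)
    hom = all(pi[compose(g, h)] == compose(pi[g], pi[h])
              for g in group for h in group)
    injective = len(set(pi.values())) == len(group)
    return hom and injective


if __name__ == "__main__":
    G = symmetric_group(3)
    assert len(G) == factorial(3)
    print(s3_relations())
    a, c = S3["a"], S3["c"]
    print("ac =", NAME[compose(a, c)], " ca =", NAME[compose(c, a)])
    print("Cayley embedding of S_3 into S_6 is faithful:",
          cayley_is_faithful_homomorphism(G))
```

Running the script prints the checked relations, shows `ac = d` and `ca = e` (so $S_3$ is not Abelian), and confirms that the left-multiplication maps embed $S_3$ into $S_6$ as Theorem 9.3.6 states.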


9.4 Cosets and Lagrange’s Theorem 


In this section, given a group $G$ and a subgroup $H$, we define an equivalence relation on $G$. The equivalence classes all have the same size and are called the (left) or (right) cosets of $H$ in $G$.

Definition 9.4.1. Let $G$ be a group and $H \subset G$ a subgroup. For $a, b \in G$, define $a \sim b$ if $a^{-1} b \in H$.

Lemma 9.4.2. Let $G$ be a group and $H \subset G$ a subgroup. Then the relation defined above is an equivalence relation on $G$. The equivalence classes all have the form $aH$ for $a \in G$ and are called the left cosets of $H$ in $G$. Clearly, $G$ is a disjoint union of its left cosets.

Proof. Let us show, first of all, that this is an equivalence relation. Now $a \sim a$ since $a^{-1} a = e \in H$. Therefore, the relation is reflexive. Furthermore, $a \sim b$ implies $a^{-1} b \in H$, but since $H$ is a subgroup of $G$, we have $b^{-1} a = (a^{-1} b)^{-1} \in H$. Thus, $b \sim a$. Therefore, the relation is symmetric. Finally, suppose that $a \sim b$ and $b \sim c$. Then $a^{-1} b \in H$, and $b^{-1} c \in H$. Since $H$ is a subgroup, $a^{-1} b \cdot b^{-1} c = a^{-1} c \in H$; hence, $a \sim c$. Therefore, the relation is transitive and, hence, is an equivalence relation.

For $a \in G$, the equivalence class is
$$[a] = \{ g \in G : a \sim g \} = \{ g \in G : a^{-1} g \in H \}.$$
If $a^{-1} g = h \in H$, then $g = ah$; so, clearly, $g \in aH$. It follows that the equivalence class for $a \in G$ is precisely the set
$$aH = \{ g \in G : g = ah \text{ for some } h \in H \}.$$

These classes, $aH$, are called left cosets of $H$, and since they are equivalence classes, they partition $G$. This means that every element of $G$ is in one and only one left coset. In particular, $bH = H = eH$ if and only if $b \in H$.


If $aH$ is a left coset, then we call the element $a$ a coset representative. A complete collection of coset representatives, that is, a set $R \subset G$ containing exactly one element from each distinct left coset of $H$, is called a (left) transversal of $H$ in $G$.

One could define another equivalence relation by defining $a \sim b$ if and only if $b a^{-1} \in H$. Again, this can be shown to be an equivalence relation on $G$, and the equivalence classes here are sets of the form
$$Ha = \{ g \in G : g = ha \text{ for some } h \in H \},$$
called right cosets of $H$. Also, of course, $G$ is the (disjoint) union of distinct right cosets.

It is easy to see that any two left (right) cosets have the same order (number of elements). To demonstrate this, consider the mapping $aH \to bH$ via $ah \mapsto bh$, where $h \in H$. It is not hard to show that this mapping is 1-1 and onto (see exercises). Thus, we have $|aH| = |bH|$. (This is also true for right cosets and can be established in a similar manner.) Letting $b \in H$ in the above discussion, we see $|aH| = |H|$ for any $a \in G$. That is, the size of each left or right coset is exactly the same as the subgroup $H$.

One can also see that the collection $\{aH\}$ of all distinct left cosets has the same number of elements as the collection $\{Ha\}$ of all distinct right cosets. In other words, the number of left cosets equals the number of right cosets (this number may be infinite). For example, consider the map $f : aH \mapsto Ha^{-1}$. This mapping is well defined; for if $aH = bH$, then $b = ah$, where $h \in H$. Thus, $f(bH) = Hb^{-1} = Hh^{-1}a^{-1} = Ha^{-1} = f(aH)$. It is not hard to show that this mapping is 1-1 and onto (see exercises). Hence, the number of left cosets equals the number of right cosets.


Definition 9.4.3. Let $G$ be a group and $H \subset G$ a subgroup. The number of distinct left cosets, which is the same as the number of distinct right cosets, is called the index of $H$ in $G$, denoted by $[G : H]$.

Now let us consider the case where the group $G$ is finite. Each left coset has the same size as the subgroup $H$; here, both are finite. Hence, $|aH| = |H|$ for each coset. In addition, the group $G$ is a disjoint union of the left cosets; that is,
$$G = H \cup g_2 H \cup \cdots \cup g_k H.$$
Since this is a disjoint union, we have
$$|G| = |H| + |g_2 H| + \cdots + |g_k H| = |H| + |H| + \cdots + |H| = |H| \, [G : H].$$

This establishes the following extremely important theorem:

Theorem 9.4.4 (Lagrange's theorem). Let $G$ be a group and $H \subset G$ a subgroup. Then
$$|G| = |H| \, [G : H].$$
If $G$ is a finite group, this implies that both the order of a subgroup and the index of a subgroup are divisors of the order of the group.

This theorem plays a crucial role in the structure theory of finite groups since it greatly restricts the size of subgroups. For example, in a group of order 10, there can be proper subgroups only of orders 1, 2, and 5.

As an immediate corollary, we have the following result:

Corollary 9.4.5. The order of any element $g \in G$, where $G$ is a finite group, divides the order of the group. In particular, if $|G| = n$ and $g \in G$, then $o(g) \mid n$, and $g^n = 1$.

Proof. Let $g \in G$ and $o(g) = m$. Then $m$ is the size of the cyclic subgroup generated by $g$; hence $m$ divides $n$ by Lagrange's theorem. Then $n = mk$, and so
$$g^n = g^{mk} = (g^m)^k = 1^k = 1.$$


Before leaving this section, we consider some results concerning general subsets of a group.

Suppose that $G$ is a group and $S$ is an arbitrary nonempty subset of $G$, $S \subset G$ and $S \neq \emptyset$. Such a set $S$ is usually called a complex of $G$.

If $U$ and $V$ are two complexes of $G$, the product $UV$ is defined as follows:
$$UV = \{ uv \in G : u \in U,\ v \in V \}.$$

Now suppose that $U, V$ are subgroups of $G$. When is the complex $UV$ again a subgroup of $G$?

Theorem 9.4.6. The product $UV$ of two subgroups $U, V$ of a group $G$ is itself a subgroup if and only if $U$ and $V$ commute; that is, if and only if $UV = VU$.

Proof. We note first that when we say $U$ and $V$ commute, we do not demand that this is so elementwise. In other words, it is not required that $uv = vu$ for all $u \in U$ and all $v \in V$. All that is required is that for any $u \in U$ and $v \in V$, $uv = v_1 u_1$ for some elements $u_1 \in U$ and $v_1 \in V$.

Assume that $UV$ is a subgroup of $G$. Let $u \in U$ and $v \in V$. Then $u \in U \cdot 1 \subset UV$ and $v \in 1 \cdot V \subset UV$. But since $UV$ is assumed itself to be a subgroup, it follows that $vu \in UV$. Hence, each product $vu \in UV$, and so $VU \subset UV$. For the reverse inclusion, let $uv \in UV$. Since $UV$ is a subgroup, $(uv)^{-1} = v^{-1} u^{-1} \in UV$, say $v^{-1} u^{-1} = u' v'$ with $u' \in U$, $v' \in V$; then $uv = (u' v')^{-1} = v'^{-1} u'^{-1} \in VU$. Thus $UV \subset VU$, and so $UV = VU$.

Conversely, suppose that $UV = VU$. Let $g_1 = u_1 v_1 \in UV$, $g_2 = u_2 v_2 \in UV$. Then
$$g_1 g_2 = (u_1 v_1)(u_2 v_2) = u_1 (v_1 u_2) v_2 = u_1 u_3 v_3 v_2 = (u_1 u_3)(v_3 v_2) \in UV,$$
since $v_1 u_2 = u_3 v_3$ for some $u_3 \in U$ and $v_3 \in V$. Furthermore,
$$g_1^{-1} = (u_1 v_1)^{-1} = v_1^{-1} u_1^{-1} \in VU = UV,$$
say $g_1^{-1} = u_4 v_4$ with $u_4 \in U$, $v_4 \in V$. It follows that $UV$ is a subgroup.


Theorem 9.4.7 (Product formula). Let $U, V$ be subgroups of $G$, and let $R$ be a left transversal of the intersection $U \cap V$ in $U$. Then
$$UV = \bigcup_{r \in R} rV,$$
where this is a disjoint union. In particular, if $U, V$ are finite, then
$$|UV| = \frac{|U| \, |V|}{|U \cap V|}.$$

Proof. Since $R \subset U$, we have that
$$\bigcup_{r \in R} rV \subset UV.$$
In the other direction, let $uv \in UV$. Then
$$u \in U = \bigcup_{r \in R} r(U \cap V).$$
It follows that $u = r v'$ with $r \in R$ and $v' \in U \cap V$. Hence,
$$uv = r v' v \in rV.$$
The union of the cosets $rV$ is disjoint: if $rV = r'V$ with $r, r' \in R$, then $r^{-1} r' \in V$, and also $r^{-1} r' \in U$ since $R \subset U$; so $r(U \cap V) = r'(U \cap V)$, which forces $r = r'$ because $R$ is a transversal. Therefore,
$$UV \subset \bigcup_{r \in R} rV,$$
proving the equality.

Now suppose that $|U|$ and $|V|$ are finite. Then we have
$$|UV| = |R| \, |V| = [U : U \cap V] \, |V| = \frac{|U|}{|U \cap V|} \, |V| = \frac{|U| \, |V|}{|U \cap V|}.$$
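Lagrange's theorem (Theorem 9.4.4), its corollary on element orders (Corollary 9.4.5), and the product formula (Theorem 9.4.7) checked by enumeration. This is an added example and not from the text; it uses the unit group $U(\mathbb{Z}_{15})$ of Lemma 9.2.1, which is Abelian, so $UV = VU$ and Theorem 9.4.6 guarantees that the complex product of two of its subgroups is a subgroup. The functions take the group as a list of elements plus a multiplication function, so they apply to any finite group given that way. Corollary 9.4.5 is also the fact behind the order checks performed on received public values in Diffie-Hellman style protocols: an element's order must divide $|G|$, so a value of small order can only lie in a small subgroup.

```python
"""Cosets, Lagrange's theorem and the product formula in a finite group.

Added example (not from the text).  The group used below is the unit
group U(Z_n) of Lemma 9.2.1 under multiplication mod n, but every
function takes the group as (elements, op) and works for any finite
group given by a multiplication function.
"""
from math import gcd


def unit_group(n):
    """U(Z_n): residues coprime to n, with multiplication mod n."""
    elements = [x for x in range(1, n) if gcd(x, n) == 1]
    return elements, (lambda x, y: x * y % n)


def generated_subgroup(g, op, identity):
    """<g> = {1, g, g^2, ...}; terminates because the group is finite."""
    elems, x = [identity], g
    while x != identity:
        elems.append(x)
        x = op(x, g)
    return elems


def left_cosets(G, op, H):
    """The distinct left cosets aH, each as a frozenset."""
    seen, cosets = set(), []
    for a in G:
        coset = frozenset(op(a, h) for h in H)
        if coset not in seen:
            seen.add(coset)
            cosets.append(coset)
    return cosets


def right_cosets(G, op, H):
    """Right cosets Ha, obtained by swapping the operands."""
    return left_cosets(G, lambda a, h: op(h, a), H)


def check_lagrange(G, op, H):
    """Returns (index [G:H], all cosets have size |H|, cosets partition G,
    |G| == |H| * [G:H])."""
    cosets = left_cosets(G, op, H)
    same_size = all(len(c) == len(H) for c in cosets)
    partition = (sum(len(c) for c in cosets) == len(G)
                 and set().union(*cosets) == set(G))
    return len(cosets), same_size, partition, len(G) == len(H) * len(cosets)


def complex_product(U, V, op):
    """UV = {uv : u in U, v in V} (Section 9.4)."""
    return {op(u, v) for u in U for v in V}


def product_formula_holds(U, V, op):
    """|UV| * |U ∩ V| == |U| * |V|  (Theorem 9.4.7)."""
    UV = complex_product(U, V, op)
    meet = set(U) & set(V)
    return len(UV) * len(meet) == len(U) * len(V)


def element_orders(G, op, identity):
    """o(g) = |<g>| for every g; each must divide |G| (Corollary 9.4.5)."""
    return {g: len(generated_subgroup(g, op, identity)) for g in G}


if __name__ == "__main__":
    G, mul = unit_group(15)               # order 8
    H = generated_subgroup(4, mul, 1)     # {1, 4}
    print("U(Z_15) =", G)
    print("left cosets of <4>:", [sorted(c) for c in left_cosets(G, mul, H)])
    print("index, equal sizes, partition, Lagrange:", check_lagrange(G, mul, H))
    print("element orders:", element_orders(G, mul, 1))   # every order divides 8
    U, V = generated_subgroup(11, mul, 1), generated_subgroup(2, mul, 1)
    print("|UV| =", len(complex_product(U, V, mul)),
          " product formula holds:", product_formula_holds(U, V, mul))
```

With $U = \langle 11 \rangle$ and $V = \langle 2 \rangle$ the intersection is trivial, so the product formula gives $|UV| = 2 \cdot 4 = 8$ and $UV$ is the whole group; with $U = \langle 4 \rangle \subset V$ it gives $|UV| = |V|$.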
We now show that index is multiplicative. Later, we will see how this fact is related to the multiplicativity of the degree of field extensions.

Theorem 9.4.8. Suppose $G$ is a group and $U$ and $V$ are subgroups with $U \subset V \subset G$. Then if $G$ is the disjoint union
$$G = \bigcup_{r \in R} rV,$$
$R$ a left transversal of $V$ in $G$, and $V$ is the disjoint union
$$V = \bigcup_{s \in S} sU,$$
$S$ a left transversal of $U$ in $V$, then we get a disjoint union for $G$ as
$$G = \bigcup_{r \in R,\ s \in S} rsU.$$
In particular, if $[G : V]$ and $[V : U]$ are finite, then
$$[G : U] = [G : V] \, [V : U].$$

Proof. Now
$$G = \bigcup_{r \in R} rV = \bigcup_{r \in R} \Big( \bigcup_{s \in S} rsU \Big) = \bigcup_{r \in R,\ s \in S} rsU.$$
Suppose that $r_1 s_1 U = r_2 s_2 U$. Then $r_1 s_1 UV = r_2 s_2 UV$. But $s_1 UV = V$ and $s_2 UV = V$ (since $U \subset V$ and $s_1, s_2 \in V$), so $r_1 V = r_2 V$, which implies that $r_1 = r_2$. Then $s_1 U = s_2 U$, which implies that $s_1 = s_2$. Therefore, the union is disjoint.

The index formula now follows directly, since $\{ rs : r \in R,\ s \in S \}$ is then a left transversal of $U$ in $G$ with $|R| \, |S|$ elements.


The next result says that the intersection of subgroups of finite index must again be of finite index.

Theorem 9.4.9 (Poincaré). Suppose that $U, V$ are subgroups of finite index in $G$. Then $U \cap V$ is also of finite index. Furthermore,
$$[G : U \cap V] \leq [G : U] \, [G : V].$$
If $[G : U]$, $[G : V]$ are relatively prime, then equality holds.

Proof. Let $r$ be the number of left cosets of $U$ in $G$ that are contained in $VU$; $r$ is finite since the index $[G : U]$ is finite. From Theorem 9.4.7 (with the roles of $U$ and $V$ interchanged, so that $VU = \bigcup_{s \in S} sU$ for a left transversal $S$ of $U \cap V$ in $V$), we then have
$$[V : U \cap V] = r \leq [G : U].$$
Then from Theorem 9.4.8,
$$[G : U \cap V] = [G : V] \, [V : U \cap V] \leq [G : V] \, [G : U].$$
Since both $[G : U]$ and $[G : V]$ are finite, so is $[G : U \cap V]$.

Now $[G : U] \mid [G : U \cap V]$ and $[G : V] \mid [G : U \cap V]$, again by Theorem 9.4.8. If $[G : U]$ and $[G : V]$ are relatively prime, then
$$[G : U] \, [G : V] \mid [G : U \cap V], \quad \text{so} \quad [G : U] \, [G : V] \leq [G : U \cap V].$$
Therefore, we must have equality.


Corollary 9.4.10. Suppose that $[G : U]$ and $[G : V]$ are finite and relatively prime. Then $G = UV$.

Proof. From Theorem 9.4.9, we have
$$[G : U \cap V] = [G : U] \, [G : V].$$
From Theorem 9.4.8,
$$[G : U \cap V] = [G : V] \, [V : U \cap V].$$
Combining these, we have
$$[V : U \cap V] = [G : U].$$
The number of left cosets of $U$ in $G$ that are contained in $VU$ is thus equal to the number of all left cosets of $U$ in $G$. It follows that $VU = G$, and hence also $G = G^{-1} = (VU)^{-1} = UV$.


9.5 Generators and Cyclic Groups 


We saw that if $G$ is any group and $g \in G$, then the powers of $g$ generate a subgroup of $G$, called the cyclic subgroup generated by $g$. Here, we explore more fully the idea of generating a group or subgroup. We first need the following:

Lemma 9.5.1. If $U$ and $V$ are subgroups of a group $G$, then their intersection $U \cap V$ is also a subgroup.

Proof. Since the identity of $G$ is in both $U$ and $V$, we have that $U \cap V$ is nonempty. Suppose that $g_1, g_2 \in U \cap V$. Then $g_1, g_2 \in U$; hence, $g_1^{-1} g_2 \in U$ since $U$ is a subgroup. Analogously, $g_1^{-1} g_2 \in V$. Hence, $g_1^{-1} g_2 \in U \cap V$; therefore, $U \cap V$ is a subgroup.

Now let $S$ be a subset of a group $G$. The subset $S$ is certainly contained in at least one subgroup of $G$, namely $G$ itself. Let $\{U_\alpha\}$ be the collection of all subgroups of $G$ containing $S$. Then $\bigcap_\alpha U_\alpha$ is again a subgroup of $G$ from Lemma 9.5.1 (the same argument applies to an arbitrary intersection). Furthermore, it is the smallest subgroup of $G$ containing $S$ (see the exercises). We call $\bigcap_\alpha U_\alpha$ the subgroup of $G$ generated by $S$, and denote it by $\langle S \rangle$, or $\mathrm{grp}(S)$. We call the set $S$ a set of generators for $\langle S \rangle$.


Definition 9.5.2. A subset $M$ of a group $G$ is a set of generators for $G$ if $G = \langle M \rangle$; that is, the smallest subgroup of $G$ containing $M$ is all of $G$. We say that $G$ is generated by $M$, and that $M$ is a set of generators for $G$.

Notice that any group $G$ has at least one set of generators, namely $G$ itself. If we have $G = \langle M \rangle$ and $M$ is a finite set, then $G$ is called finitely generated. Clearly, any finite group is finitely generated. Shortly, we will give an example of a finitely generated infinite group.

Example 9.5.3. The set of all reflections forms a set of generators for the Euclidean group $\mathcal{E}$. Recall that any $T \in \mathcal{E}$ is either a translation, a rotation, a reflection, or a glide reflection. It can be shown (see exercises) that any one of these can be expressed as a product of 3 or fewer reflections.


We now consider the case where a group $G$ has a single generator.

Definition 9.5.4. A group $G$ is cyclic if there exists a $g \in G$ such that $G = \langle g \rangle$.

In this case, $G = \{ g^n : n \in \mathbb{Z} \}$; that is, $G$ consists of all the powers of the element $g$. If there exists a nonzero integer $m$ such that $g^m = 1$, then there exists a smallest such positive integer, say $n$. It follows that $g^k = g^l$ if and only if $k \equiv l \pmod{n}$. In this situation, the distinct powers of $g$ are precisely
$$g^0 = 1,\ g,\ g^2,\ \ldots,\ g^{n-1}.$$
It follows that $|G| = n$. We then call $G$ a finite cyclic group. If no such power exists, then all the powers of $g$ are distinct and $G$ is an infinite cyclic group.

We show next that any two cyclic groups of the same order are isomorphic.

Theorem 9.5.5. (a) If $G = \langle g \rangle$ is an infinite cyclic group, then $G \cong (\mathbb{Z}, +)$; that is, the integers under addition.

(b) If $G = \langle g \rangle$ is a finite cyclic group of order $n$, then $G \cong (\mathbb{Z}_n, +)$; that is, the integers modulo $n$ under addition.

It follows that for a given order there is only one cyclic group up to isomorphism.

Proof. Let $G$ be an infinite cyclic group with generator $g$. Map $g$ onto $1 \in (\mathbb{Z}, +)$; explicitly, send $g^k$ to $k$. Since all powers of $g$ are distinct, this is well defined, and $g^k g^l = g^{k+l}$ shows that it is a homomorphism. It is clearly onto and one-to-one, so it defines an isomorphism.

Now let $G$ be a finite cyclic group of order $n$ with generator $g$. As above, map $g$ to $1 \in \mathbb{Z}_n$; explicitly, send $g^k$ to $k \bmod n$. This is well defined since $g^k = g^l$ if and only if $k \equiv l \pmod{n}$, and it is again a homomorphism that is one-to-one and onto. Hence it defines an isomorphism.

Now let $G$ and $H$ be two cyclic groups of the same order. If both are infinite, then both are isomorphic to $(\mathbb{Z}, +)$ and, hence, isomorphic to each other. If both are finite of order $n$, then both are isomorphic to $(\mathbb{Z}_n, +)$ and, hence, isomorphic to each other.


Theorem 9.5.6. Let $G = \langle g \rangle$ be a finite cyclic group of order $n$. Then every subgroup of $G$ is also cyclic. Furthermore, if $d \mid n$, there exists a unique subgroup of $G$ of order $d$.

Proof. Let $G = \langle g \rangle$ be a finite cyclic group of order $n$, and suppose that $H$ is a subgroup of $G$. Notice that if $g^m \in H$, then $g^{-m}$ is also in $H$ since $H$ is a subgroup. Hence, $H$ must contain positive powers of the generator $g$ (at the very least $g^n = 1$). Let $t$ be the smallest positive integer such that $g^t \in H$. We claim that $H = \langle g^t \rangle$, the cyclic subgroup of $G$ generated by $g^t$. Let $h \in H$; then $h = g^m$ for some positive integer $m \geq t$. Divide $m$ by $t$ to get
$$m = qt + r, \quad \text{where } r = 0 \text{ or } 0 < r < t.$$
If $r \neq 0$, then $r = m - qt > 0$. Now $g^m \in H$ and $g^t \in H$, so $g^{-qt} \in H$ for any $q$ since $H$ is a subgroup. It follows that $g^m g^{-qt} = g^{m - qt} \in H$. This implies that $g^r \in H$. However, this is a contradiction since $r < t$ and $t$ is the least positive power in $H$. It follows that $r = 0$, so $m = qt$. This implies that $g^m = g^{qt} = (g^t)^q$; that is, $g^m$ is a power of $g^t$. Therefore, every element of $H$ is a power of $g^t$; thus, $g^t$ generates $H$ and, hence, $H$ is cyclic.

Now suppose that $d \mid n$ so that $n = kd$. Let $H = \langle g^k \rangle$; that is, the subgroup of $G$ generated by $g^k$. We claim that $H$ has order $d$ and that any other subgroup $H_1$ of $G$ with order $d$ coincides with $H$. Now $(g^k)^d = g^{kd} = g^n = 1$, so the order of $g^k$ divides $d$, hence is $\leq d$. Suppose that $(g^k)^{d_1} = g^{k d_1} = 1$ with $d_1 < d$. Then since the order of $g$ is $n$, we have $n = kd \mid k d_1$ with $d_1 < d$, which is impossible. Therefore, the order of $g^k$ is $d$, and $H = \langle g^k \rangle$ is a subgroup of $G$ of order $d$.

Now let $H_1$ be a subgroup of $G$ of order $d$. We must show that $H_1 = H$. Let $h \in H_1$, so $h = g^t$ for some $t$; then $h^d = 1$ by Corollary 9.4.5, so $g^{td} = 1$. It follows that $n \mid td$, and so $kd \mid td$; hence $k \mid t$. That is, $t = qk$ for some integer $q$. Therefore, $g^t = (g^k)^q \in H$. Therefore, $H_1 \subset H$, and since they are of the same size, $H = H_1$.


Theorem 9.5.7. Let $G = \langle g \rangle$ be an infinite cyclic group. Then every nontrivial subgroup $H$ is of the form $H = \langle g^t \rangle$ for a positive integer $t$ (the trivial subgroup is $\langle g^0 \rangle = \{1\}$). Furthermore, if $t_1, t_2$ are positive integers with $t_1 \neq t_2$, then $\langle g^{t_1} \rangle$ and $\langle g^{t_2} \rangle$ are distinct.

Proof. Let $G = \langle g \rangle$ be an infinite cyclic group and $H \neq \{1\}$ a subgroup of $G$. As in the proof of Theorem 9.5.6, $H$ must contain positive powers of the generator $g$. Let $t$ be the smallest positive integer such that $g^t \in H$. We claim that $H = \langle g^t \rangle$, the cyclic subgroup of $G$ generated by $g^t$. Let $h \in H$; then $h = g^m$ for some integer $m$, and replacing $h$ by $h^{-1}$ if necessary we may take $m \geq 0$. Divide $m$ by $t$ to get
$$m = qt + r, \quad \text{where } r = 0 \text{ or } 0 < r < t.$$
If $r \neq 0$, then $r = m - qt > 0$. Now $g^m \in H$ and $g^t \in H$, so $g^{-qt} \in H$ for any $q$ since $H$ is a subgroup. It follows that $g^m g^{-qt} = g^{m - qt} \in H$. This implies that $g^r \in H$. However, this is a contradiction since $r < t$ and $t$ is the least positive power in $H$. It follows that $r = 0$, so $m = qt$. This implies that $g^m = g^{qt} = (g^t)^q$; that is, $g^m$ is a power of $g^t$. Therefore, every element of $H$ is a power of $g^t$ and, therefore, $g^t$ generates $H$; hence, $H = \langle g^t \rangle$.

From the argument above, in the subgroup $\langle g^t \rangle$ the integer $t$ is the smallest positive power of $g$ in $\langle g^t \rangle$ (all powers of $g$ are distinct, and $g^m \in \langle g^t \rangle$ if and only if $t \mid m$). Therefore, if $t_1, t_2$ are positive integers with $t_1 \neq t_2$, then $\langle g^{t_1} \rangle$ and $\langle g^{t_2} \rangle$ are distinct.


Theorem 9.5.8. Let $G = \langle g \rangle$ be a cyclic group. Then the following hold:

(a) If $G = \langle g \rangle$ is finite of order $n$, then $g^k$ is also a generator if and only if $\gcd(k, n) = 1$. That is, the generators of $G$ are precisely those powers $g^k$, where $k$ is relatively prime to $n$.

(b) If $G = \langle g \rangle$ is infinite, then the only generators are $g$ and $g^{-1}$.

Proof. (a) Let $G = \langle g \rangle$ be a finite cyclic group of order $n$, and suppose that $\gcd(k, n) = 1$. Then there exist integers $x, y$ with $kx + ny = 1$. It follows that
$$g = g^{kx + ny} = (g^k)^x (g^n)^y = (g^k)^x$$
since $g^n = 1$. Hence, $g$ is a power of $g^k$, which implies that every element of $G$ is also a power of $g^k$. Therefore, $g^k$ is also a generator.

Conversely, suppose that $g^k$ is also a generator. Then $g$ is a power of $g^k$, so there exists an $x$ such that $g = g^{kx}$. It follows that $kx \equiv 1 \pmod{n}$, and so there exists a $y$ such that
$$kx + ny = 1.$$
This then implies that $\gcd(k, n) = 1$.

(b) If $G = \langle g \rangle$ is infinite, then any power of $g$ other than $g^{\pm 1}$ generates a proper subgroup. For if $g$ is a power of $g^m$, say $g = g^{mk}$, then $g^{mk - 1} = 1$; if $mk - 1 \neq 0$, then $g$ has finite order, contradicting that $G$ is infinite cyclic. Hence $mk = 1$, so $m = \pm 1$.


Recall that for positive integers $n$, the Euler phi-function is defined as follows:

Definition 9.5.9. For any $n > 0$, let
$$\phi(n) = \text{the number of integers } k \text{ with } 1 \leq k \leq n \text{ and } \gcd(k, n) = 1.$$

Example 9.5.10. $\phi(6) = 2$ since among $1, 2, 3, 4, 5, 6$ only $1, 5$ are relatively prime to $6$.

Corollary 9.5.11. If $G = \langle g \rangle$ is finite of order $n$, then there are $\phi(n)$ generators for $G$, where $\phi$ is the Euler phi-function.

Proof. From Theorem 9.5.8, the generators of $G$ are precisely the powers $g^k$ with $1 \leq k \leq n$ and $\gcd(k, n) = 1$, and these are distinct elements of $G$. The numbers $k$ in this range relatively prime to $n$ are counted by the Euler phi-function.


Recall that in an arbitrary group $G$, if $g \in G$, then the order of $g$, denoted $o(g)$, is the order of the cyclic subgroup generated by $g$. Given two elements $g, h \in G$, in general, there is no relationship between $o(g)$, $o(h)$ and the order of the product $gh$. However, if they commute, there is a very direct relationship.

Lemma 9.5.12. Let $G$ be an arbitrary group and $g, h \in G$ both of finite order $o(g), o(h)$. If $g$ and $h$ commute, that is, $gh = hg$, then $o(gh)$ divides $\mathrm{lcm}(o(g), o(h))$. In particular, if $G$ is an Abelian group, then $o(gh) \mid \mathrm{lcm}(o(g), o(h))$ for all $g, h \in G$ of finite order. Furthermore, if $\langle g \rangle \cap \langle h \rangle = \{1\}$, then $o(gh) = \mathrm{lcm}(o(g), o(h))$.

Proof. Suppose $o(g) = n$ and $o(h) = m$ are finite. If $g, h$ commute, then for any $k$, we have $(gh)^k = g^k h^k$. Let $t = \mathrm{lcm}(n, m)$; then $t = k_1 n$ and $t = k_2 m$ for integers $k_1, k_2$. Hence,
$$(gh)^t = g^t h^t = (g^n)^{k_1} (h^m)^{k_2} = 1.$$
Therefore, the order of $gh$ is finite and divides $t$. Suppose that $\langle g \rangle \cap \langle h \rangle = \{1\}$; that is, the cyclic subgroup generated by $g$ intersects trivially with the cyclic subgroup generated by $h$. Let $k = o(gh)$, which we know is finite from the first part of the lemma.

We then have $(gh)^k = g^k h^k = 1$, which implies that $g^k = h^{-k}$. Since the cyclic subgroups have only trivial intersection, this implies that $g^k = 1$ and $h^k = 1$. But then $n \mid k$ and $m \mid k$; hence $t \mid k$. Since $k \mid t$, it follows that $k = t$.

Recall that if $m$ and $n$ are relatively prime, then $\mathrm{lcm}(m, n) = mn$. Furthermore, if the orders of $g$ and $h$ are relatively prime, it follows from Lagrange's theorem that $\langle g \rangle \cap \langle h \rangle = \{1\}$ (the intersection is a subgroup of both cyclic groups, so its order divides both $o(g)$ and $o(h)$). We then get the following:

Corollary 9.5.13. If $g, h$ commute and $o(g)$ and $o(h)$ are finite and relatively prime, then $o(gh) = o(g)\, o(h)$.


Definition 9.5.14. If $G$ is a finite Abelian group, then the exponent of $G$ is the lcm of the orders of all elements of $G$. That is,
$$\exp(G) = \mathrm{lcm}\{ o(g) : g \in G \}.$$

As a consequence of Lemma 9.5.12, we obtain

Lemma 9.5.15. Let $G$ be a finite Abelian group. Then $G$ contains an element of order $\exp(G)$.

Proof. Suppose that $\exp(G) = p_1^{e_1} \cdots p_k^{e_k}$ with $p_i$ distinct primes. Since $\exp(G)$ is the least common multiple of the element orders, for each $i$ there is a $g_i \in G$ with $o(g_i) = p_i^{e_i} r_i$, where $p_i$ and $r_i$ are relatively prime. Let $h_i = g_i^{r_i}$. Then $o(h_i) = p_i^{e_i}$: indeed $h_i^j = g_i^{r_i j} = 1$ if and only if $p_i^{e_i} r_i \mid r_i j$, that is, if and only if $p_i^{e_i} \mid j$. Now let $g = h_1 h_2 \cdots h_k$. The orders $p_1^{e_1}, \ldots, p_k^{e_k}$ are pairwise relatively prime and the $h_i$ commute, so applying Corollary 9.5.13 repeatedly gives $o(g) = p_1^{e_1} \cdots p_k^{e_k} = \exp(G)$.

If $K$ is a field, then the multiplicative group of nonzero elements of $K$ is an Abelian group $K^*$. The above results lead to the fact that a finite subgroup of $K^*$ must actually be cyclic.

Theorem 9.5.16. Let $K$ be a field. Then any finite subgroup of $K^*$ is cyclic.

Proof. Let $A \subset K^*$ be a subgroup with $|A| = n$. Suppose that $m = \exp(A)$. Consider the polynomial $f(x) = x^m - 1 \in K[x]$. Since the order of each element in $A$ divides $m$, it follows that $a^m = 1$ for all $a \in A$; hence, each $a \in A$ is a zero of the polynomial $f(x)$. Hence, $f(x)$ has at least $n$ zeros. Since a polynomial of degree $m$ over a field can have at most $m$ zeros, it follows that $n \leq m$. From Lemma 9.5.15, there is an element $a \in A$ with $o(a) = m$. Since $|A| = n$, it follows from Corollary 9.4.5 that $m \mid n$; hence, $m \leq n$. Therefore, $m = n$; hence, $A = \langle a \rangle$, showing that $A$ is cyclic.


We close this section with two other results concerning cyclic groups. The first 
proves, using group theory, a very interesting number theoretic result concerning the 
Euler phi-function. 


Theorem 9.5.17. For n ≥ 1 and for d ≥ 1, 


    Σ_{d | n} φ(d) = n. 


Proof. Consider a cyclic group G of order n. For each d | n, d ≥ 1, there is a unique cyclic 
subgroup H of order d. H then has φ(d) generators. Each element in G generates its 
own cyclic subgroup H₁, say of order d, and hence must be included in the φ(d) gener- 
ators of H₁. Therefore, Σ_{d | n} φ(d) is the sum of the numbers of generators of the cyclic 
subgroups of G. But this must be the whole group; hence, this sum is n. 
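As an added example (not from the book), the following Python code carries out the arguments of Lemma 9.5.15, Theorem 9.5.16 and Theorem 9.5.17 in the multiplicative group (ℤ/pℤ)* of a prime field for small sample primes: it computes exp(G) as in Definition 9.5.14, builds an element of order exp(G) by the construction in the proof of Lemma 9.5.15, confirms that this element generates the whole group (a primitive root, as Theorem 9.5.16 predicts), and counts the elements of each order to check the sum in Theorem 9.5.17. The function names and the primes 7, 13, 31, 101 are this example's own choices.

```python
# Added example, not from the book: the cyclic structure of (Z/pZ)^*,
# the multiplicative group of a prime field, computed by brute force for
# a small prime p (so the group order is n = p - 1).
from math import gcd


def element_order(a: int, p: int) -> int:
    """Order o(a) of a in (Z/pZ)^*: smallest k >= 1 with a^k = 1 (mod p)."""
    x, k = a % p, 1
    while x != 1:
        x = (x * a) % p
        k += 1
    return k


def lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def exponent(p: int) -> int:
    """exp(G) = lcm{o(g) : g in G} (Definition 9.5.14) for G = (Z/pZ)^*."""
    e = 1
    for a in range(1, p):
        e = lcm(e, element_order(a, p))
    return e


def prime_powers(n: int):
    """Yield q**e for each prime power q^e exactly dividing n (trial division)."""
    q = 2
    while n > 1:
        if n % q == 0:
            qe = 1
            while n % q == 0:
                n //= q
                qe *= q
            yield qe
        q += 1


def element_of_exponent_order(p: int) -> int:
    """The construction in the proof of Lemma 9.5.15.

    For each prime power q^e exactly dividing exp(G), choose g_i with
    q^e | o(g_i), write o(g_i) = q^e * r_i and set h_i = g_i^(r_i), an element
    of order q^e.  The product of the h_i has order exp(G), because the
    orders of the h_i are pairwise relatively prime (Corollary 9.5.13).
    """
    orders = {a: element_order(a, p) for a in range(1, p)}
    g = 1
    for qe in prime_powers(exponent(p)):
        g_i = next(a for a, o in orders.items() if o % qe == 0)
        r_i = orders[g_i] // qe
        h_i = pow(g_i, r_i, p)          # o(h_i) = q^e
        g = (g * h_i) % p
    return g


def is_cyclic(p: int) -> bool:
    """Theorem 9.5.16 for this group: the element built above has order
    |G| = p - 1, i.e. it generates all of (Z/pZ)^*."""
    return element_order(element_of_exponent_order(p), p) == p - 1


def phi(n: int) -> int:
    """Euler phi-function, by counting the units modulo n."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def count_by_order(p: int) -> dict:
    """{d: number of elements of (Z/pZ)^* of order d}."""
    counts = {}
    for a in range(1, p):
        d = element_order(a, p)
        counts[d] = counts.get(d, 0) + 1
    return counts


def phi_sum_holds(p: int) -> bool:
    """Theorem 9.5.17 in the cyclic group of order n = p - 1: exactly phi(d)
    elements have order d for every d | n, and these counts add up to n."""
    n = p - 1
    counts = count_by_order(p)
    divisors = [d for d in range(1, n + 1) if n % d == 0]
    return (all(counts.get(d, 0) == phi(d) for d in divisors)
            and sum(phi(d) for d in divisors) == n)


if __name__ == "__main__":
    for p in (7, 13, 31, 101):      # sample primes chosen for this example
        print(p, exponent(p), element_of_exponent_order(p),
              is_cyclic(p), phi_sum_holds(p))
```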


We shall make use of the above theorem directly in the following theorem. 


Theorem 9.5.18. If |G| = n and if for each positive d such that d | n, G has at most one cyclic 
subgroup of order d, then G is cyclic (and, consequently, has exactly one cyclic subgroup 
of order d). 


Proof. For each d | n, d > 0, let ψ(d) denote the number of elements of G of order d. Then 


    Σ_{d | n} ψ(d) = n. 


Now suppose that ψ(d) ≠ 0 for a given d | n. Then there exists an a ∈ G of order d, which 
generates a cyclic subgroup, ⟨a⟩, of order d of G. We claim that all elements of G of 
order d are in ⟨a⟩. Indeed, if b ∈ G with o(b) = d and b ∉ ⟨a⟩, then ⟨b⟩ is a second cyclic 
subgroup of order d, distinct from ⟨a⟩. This contradicts the hypothesis, so the claim is 
proved. Thus, if ψ(d) ≠ 0, then ψ(d) = φ(d). In general, we have ψ(d) ≤ φ(d) for all 
positive d | n. But n = Σ_{d | n} ψ(d) ≤ Σ_{d | n} φ(d) = n, by the previous theorem. It follows clearly 
from this that ψ(d) = φ(d) for all d | n. In particular, ψ(n) = φ(n) ≥ 1. Hence, there exists 
at least one element of G of order n; hence, G is cyclic. This completes the proof. 


Corollary 9.5.19. If in a group G of order n, for each d | n, the equation xᵈ = 1 has at most 
d solutions in G, then G is cyclic. 


Proof. The hypothesis clearly implies that G can have at most one cyclic subgroup of 
order d since all elements of such a subgroup satisfy the equation. So Theorem 9.5.18 
applies to give our result. 
If H is a subgroup of a group G, then G operates as a group of permutations on the 
set {aH : a ∈ R} of left cosets of H in G, where R is a left transversal of H in G. This we 
can use to show that a finitely generated group has only finitely many subgroups of a 
given finite index. 


Theorem 9.5.20. Let G be a finitely generated group. The number of subgroups of index 
n < ∞ is finite. 


Proof. Let H be a subgroup of index n. We choose a left transversal {c₁, ..., cₙ} for H in 
G, where c₁ = 1 represents H. G permutes the set of cosets cᵢH by multiplication from 
the left. This induces a homomorphism ψ_H from G to Sₙ as follows. For each g ∈ G, let 
ψ_H(g) be the permutation which maps i to j if gcᵢH = cⱼH. ψ_H(g) fixes the number 1 if 
and only if g ∈ H because c₁H = H. Now, let H and L be two different subgroups of index 
n in G. Then there exists g ∈ H with g ∉ L and ψ_H(g) ≠ ψ_L(g), and hence ψ_H and ψ_L 
are different. Since G is finitely generated, there are only finitely many homomorphisms 
from G to Sₙ. Therefore the number of subgroups of index n < ∞ is finite. 


9.6 Exercises 


1. Prove Lemma 9.1.4. 

2. Let G be a group and H a nonempty subset. H is a subgroup of G if and only if 
ab⁻¹ ∈ H for all a, b ∈ H. 

3. Suppose that g ∈ G and gᵐ = 1 for some positive integer m. Let n be the smallest 
positive integer such that gⁿ = 1. 

Show that the elements {1, g, g², ..., gⁿ⁻¹} are all distinct, but for any other 
power gᵏ we have gᵏ = gⁱ for some i = 0, 1, ..., n − 1. 

4. Let G be a group and U₁, U₂ be finite subgroups of G. If |U₁| and |U₂| are relatively 
prime, then U₁ ∩ U₂ = {e}. 

5. Let A, B be subgroups of a finite group G. If |A| · |B| > |G|, then A ∩ B ≠ {e}. 

6. Let G be the set of all real matrices of the form ( ⋯ ), where a² + b² ≠ 0. Show: 
(a) G is a group. 

(b) For each n ∈ ℕ there is at least one element of order n in G. 

7. Let p be a prime, and let G = SL(2, p) = SL(2, ℤₚ). Show: G has at least 2p − 2 elements 
of order p. 

8. Let p be a prime and a ∈ ℤ. Show that aᵖ ≡ a (mod p). 

9. Here we outline a proof that every planar Euclidean congruence motion is either a 
rotation, translation, reflection or glide reflection. An isometry in this problem is a 
planar Euclidean congruence motion. Show: 

(a) If T is an isometry, then it is completely determined by its action on a triangle; this is 
equivalent to showing that if T fixes three noncollinear points, then it must be 
the identity. 
(b) If an isometry T has exactly one fixed point, then it must be a rotation with that 
point as center. 
(c) If an isometry T has two fixed points, then it fixes the line joining them. Then 
show that if T is not the identity, it must be a reflection through this line. 
(d) If an isometry T has no fixed point but preserves orientation, then it must be a 
translation. 
(e) If an isometry T has no fixed point but reverses orientation, then it must be a 
glide reflection. 
10. Let Pₙ be a regular n-gon and Dₙ its group of symmetries. Show that |Dₙ| = 2n. 
(Hint: First show that |Dₙ| ≤ 2n and then exhibit 2n distinct symmetries.) 
11. If A, B have the same cardinality, then there exists a bijection σ : A → B. Define a 
map F : S_A → S_B in the following manner: if f ∈ S_A, let F(f) be the permutation on 
B given by F(f)(b) = σ(f(σ⁻¹(b))). Show that F is an isomorphism. 
12. Prove Lemma 9.3.3. 


10 Normal Subgroups, Factor Groups and Direct 
Products 


10.1 Normal Subgroups and Factor Groups 


In rings, we saw that there were certain special types of subrings, called ideals, which 
allowed us to define factor rings. The analogous object for groups is called a normal 
subgroup, which we will define and investigate in this section. 


Definition 10.1.1. Let G be an arbitrary group and suppose that H₁ and H₂ are subgroups 
of G. We say that H₁ is conjugate to H₂ if there exists an element a ∈ G such that H₂ = 
a⁻¹H₁a. H₁, H₂ are then called conjugate subgroups of G. 


Lemma 10.1.2. Let G be an arbitrary group. Then the relation of conjugacy is an equiva- 
lence relation on the set of subgroups of G. 


Proof. We must show that conjugacy is reflexive, symmetric, and transitive. If H is a 
subgroup of G, then 1⁻¹H1 = H; hence, H is conjugate to itself and, therefore, the relation 
is reflexive. 

Suppose that H₁ is conjugate to H₂. Then there exists a g ∈ G with g⁻¹H₁g = H₂. 
This implies that gH₂g⁻¹ = H₁. However, (g⁻¹)⁻¹ = g; hence, letting g⁻¹ = g₁, we have 
g₁⁻¹H₂g₁ = H₁. Therefore, H₂ is conjugate to H₁ and conjugacy is symmetric. 

Finally, suppose that H₁ is conjugate to H₂ and H₂ is conjugate to H₃. Then there exist 
g₁, g₂ ∈ G with H₂ = g₁⁻¹H₁g₁ and H₃ = g₂⁻¹H₂g₂. Then 


    H₃ = g₂⁻¹g₁⁻¹H₁g₁g₂ = (g₁g₂)⁻¹H₁(g₁g₂). 


Therefore, H₃ is conjugate to H₁ and conjugacy is transitive. 


Lemma 10.1.3. Let G be an arbitrary group. Then for g ∈ G, the map a ↦ g⁻¹ag is an 
automorphism on G. 


Proof. For a fixed g ∈ G, define the map f : G → G by f(a) = g⁻¹ag for a ∈ G. We must 
show that this is a homomorphism, and that it is one-to-one and onto. 
Let a₁, a₂ ∈ G. Then 


    f(a₁a₂) = g⁻¹a₁a₂g = (g⁻¹a₁g)(g⁻¹a₂g) = f(a₁)f(a₂). 


Hence, f is a homomorphism. 
If f(a₁) = f(a₂), then g⁻¹a₁g = g⁻¹a₂g. Clearly, by the cancellation law, we then have 
a₁ = a₂; hence, f is one-to-one. 
Finally, let a ∈ G, and let a₁ = gag⁻¹. Then a = g⁻¹a₁g; hence, f(a₁) = a. It follows 
that f is onto; therefore, f is an automorphism on G. 
In general, a subgroup H of a group G may have many different conjugates. How- 
ever, in certain situations, the only conjugate of a subgroup H is H itself. If this is the 
case, we say that H is a normal subgroup. We will see shortly that this is precisely the 
analog for groups of the concept of an ideal in rings. 


Definition 10.1.4. Let G be an arbitrary group. A subgroup H is a normal subgroup of G, 
which we denote by H ⊲ G, if g⁻¹Hg = H for all g ∈ G. 


Since the conjugation map is an isomorphism, it follows that if g⁻¹Hg ⊂ H for all g ∈ G, 
then g⁻¹Hg = H. Hence, in order to show that a subgroup is normal, we need only show 
inclusion. 


Lemma 10.1.5. Let N be a subgroup of a group G. Then if a⁻¹Na ⊂ N for all a ∈ G, then 
a⁻¹Na = N. In particular, a⁻¹Na ⊂ N for all a ∈ G implies that N is a normal subgroup. 


Notice that if g⁻¹Hg = H, then Hg = gH. That is, as sets, the left coset gH is equal to 
the right coset Hg. Hence, for each h₁ ∈ H, there is an h₂ ∈ H with gh₁ = h₂g. If H ⊲ G, 
this is true for all g ∈ G. Furthermore, if H is normal, then for the product of two cosets 
g₁H and g₂H, we have 


    (g₁H)(g₂H) = g₁(Hg₂)H = g₁g₂(HH) = g₁g₂H. 


If (g₁H)(g₂H) = (g₁g₂)H for all g₁, g₂ ∈ G, we necessarily have g⁻¹Hg = H for all g ∈ G. 
Hence, we have proved the following: 


Lemma 10.1.6. Let H be a subgroup of a group G. Then the following are equivalent: 
(1) H is a normal subgroup of G. 

(2) g⁻¹Hg = H for all g ∈ G. 

(3) gH = Hg for all g ∈ G. 

(4) (g₁H)(g₂H) = (g₁g₂)H for all g₁, g₂ ∈ G. 


This is precisely the condition needed to construct factor groups. First we give some 
examples of normal subgroups. 


Lemma 10.1.7. Every subgroup of an Abelian group is normal. 


Proof. Let G be Abelian and H a subgroup of G. Suppose g ∈ G; then gh = hg for all 
h ∈ H since G is Abelian. It follows that gH = Hg. Since this is true for every g ∈ G, it 
follows that H is normal. 


Lemma 10.1.8. Let H < G be a subgroup of index 2; that is, [G : H] = 2. Then H is normal 
in G. 


Proof. Suppose that [G : H] = 2. We must show that gH = Hg for all g ∈ G. If g ∈ H, 
clearly then, H = gH = Hg. Therefore, we may assume that g is not in H. Then there are 
only 2 left cosets and 2 right cosets. That is, 


    G = H ∪ gH = H ∪ Hg. 


Since the union is a disjoint union, we must have gH = Hg; hence, H is normal. 


Lemma 10.1.9. Let K be any field. Then the group SL(n, K) is a normal subgroup of 
GL(n, K) for any positive integer n. 


Proof. Recall that GL(n, K) is the group of n × n matrices over the field K with nonzero 
determinant, whereas SL(n, K) is the subgroup of n × n matrices over the field K with 
determinant equal to 1. Let U ∈ SL(n, K) and T ∈ GL(n, K). Consider T⁻¹UT. Then 


    det(T⁻¹UT) = det(T⁻¹) det(U) det(T) = det(U) det(T⁻¹T) 
               = det(U) det(I) = det(U) = 1. 


Hence, T⁻¹UT ∈ SL(n, K) for any U ∈ SL(n, K) and any T ∈ GL(n, K). It follows that 
T⁻¹ SL(n, K) T ⊂ SL(n, K); therefore, SL(n, K) is normal in GL(n, K). 


The intersection of normal subgroups is again normal, and the product of normal 
subgroups is normal. 


Lemma 10.1.10. Let N₁, N₂ be normal subgroups of the group G. Then the following hold: 
(1) N₁ ∩ N₂ is a normal subgroup of G. 

(2) N₁N₂ is a normal subgroup of G. 

(3) If H is any subgroup of G, then N₁ ∩ H is a normal subgroup of H, and N₁H = HN₁. 


Proof. We first show (1). Let n ∈ N₁ ∩ N₂ and g ∈ G. Then g⁻¹ng ∈ N₁ since N₁ is normal. 
Similarly, g⁻¹ng ∈ N₂ since N₂ is normal. Hence, g⁻¹ng ∈ N₁ ∩ N₂. It follows that g⁻¹(N₁ ∩ 
N₂)g ⊂ N₁ ∩ N₂; therefore, N₁ ∩ N₂ is normal. 

We now show (2). Let n₁ ∈ N₁, n₂ ∈ N₂. Since N₁, N₂ are both normal, N₁N₂ = N₂N₁ as 
sets, and the complex N₁N₂ forms a subgroup of G. Let g ∈ G and n₁n₂ ∈ N₁N₂. Then 


    g⁻¹(n₁n₂)g = (g⁻¹n₁g)(g⁻¹n₂g) ∈ N₁N₂, 


since g⁻¹n₁g ∈ N₁ and g⁻¹n₂g ∈ N₂. Therefore, N₁N₂ is normal in G. 

We finally show (3). Let h ∈ H and n ∈ N₁ ∩ H. Then as in part (1), h⁻¹nh ∈ N₁ ∩ H; 
therefore, N₁ ∩ H is a normal subgroup of H. If nh ∈ N₁H, n ∈ N₁, h ∈ H, then nh = hn' 
with some n' ∈ N₁. Hence, N₁H = HN₁. 


We now construct factor groups or quotient groups of a group modulo a normal 
subgroup. 


Definition 10.1.11. Let G be an arbitrary group and H a normal subgroup of G. Let G/H 
denote the set of distinct left (and hence also right) cosets of H in G. On G/H, define the 
multiplication (g₁H)(g₂H) = g₁g₂H for any elements g₁H, g₂H in G/H. 
Theorem 10.1.12. Let G be a group and H a normal subgroup of G. Then G/H under the 
operation defined above forms a group. This group is called the factor group or quotient 
group of G modulo H. The identity element is the coset 1H = H, and the inverse of a coset 
gH is g⁻¹H. 


Proof. We first show that the operation on G/N is well defined. Suppose that a'N = aN 
and b'N = bN; then b' ∈ bN, and so b' = bn₁. Similarly a' = an₂, where n₁, n₂ ∈ N. 
Therefore, 


    a'b'N = an₂bn₁N = an₂bN 


since n₁ ∈ N. But b⁻¹n₂b = n₃ ∈ N, since N is normal, so n₂b = bn₃. Therefore, the right-hand 
side of the equation can be written as 


    an₂bN = abn₃N = abN. 


Thus, we have shown that if N ⊲ G, then a'b'N = abN, and the operation on G/N is 
indeed well defined. 

The associative law is true, because coset multiplication as defined above uses the 
ordinary group operation, which is by definition associative. 

The coset N serves as the identity element of G/N. Notice that 


    aN · N = aN² = aN, 
and 
    N · aN = aN² = aN. 


The inverse of aN is a⁻¹N since 


    aN · a⁻¹N = aa⁻¹N² = N. 


We emphasize that the elements of G/N are cosets; thus, subsets of G. If |G| < ∞, 
then |G/N| = [G : N], the number of cosets of N in G. It is also to be emphasized that for 
G/N to be a group, N must be a normal subgroup of G. 
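The following added example (not from the book) works this out in the symmetric group S₃ on three points, with permutations stored as tuples: it checks normality by the conjugation criterion of Lemma 10.1.5, builds the cosets of A₃ (normal by Lemma 10.1.8, since it has index 2), verifies that the product of Definition 10.1.11 does not depend on the chosen representatives, and then shows that for a non-normal subgroup the same product is not well defined. The names used (generated_subgroup, coset_product_well_defined, and so on) are this example's own.

```python
# Added example, not from the book: normality and coset multiplication in the
# symmetric group S_3 on {0, 1, 2}.  A permutation is stored as the tuple
# (image of 0, image of 1, image of 2); the product f*g is "g first, then f".
from itertools import permutations

E = (0, 1, 2)                       # identity permutation
S3 = list(permutations(range(3)))   # all six elements of S_3


def compose(f, g):
    """(f*g)(x) = f(g(x))."""
    return tuple(f[g[x]] for x in range(len(g)))


def inverse(f):
    inv = [0] * len(f)
    for x, y in enumerate(f):
        inv[y] = x
    return tuple(inv)


def generated_subgroup(gens):
    """<gens>: close the generators under products (the group is finite)."""
    H = {E}
    frontier = set(gens)
    while frontier:
        H |= frontier
        frontier = {compose(a, b) for a in H for b in H} - H
    return frozenset(H)


def is_normal(G, H):
    """Lemma 10.1.5: H is normal iff g^{-1} h g lies in H for all g in G, h in H."""
    return all(compose(compose(inverse(g), h), g) in H for g in G for h in H)


def left_cosets(G, H):
    """The distinct left cosets gH, each as a frozenset."""
    return {frozenset(compose(g, h) for h in H) for g in G}


def coset_product_well_defined(G, H):
    """Definition 10.1.11 sets (aH)(bH) = abH.  This is well defined only if
    the coset abH is the same whichever representatives a, b are chosen
    (Theorem 10.1.12 guarantees that when H is normal)."""
    cosets = left_cosets(G, H)
    for C1 in cosets:
        for C2 in cosets:
            products = {frozenset(compose(compose(a, b), h) for h in H)
                        for a in C1 for b in C2}
            if len(products) != 1:      # the representatives matter: ill defined
                return False
    return True


def factor_group_order(G, H):
    """|G/H| = [G : H], the number of cosets (remark after Theorem 10.1.12)."""
    return len(left_cosets(G, H))


# the 3-cycle 0->1->2->0 generates A_3, of index 2 (normal by Lemma 10.1.8)
A3 = generated_subgroup([(1, 2, 0)])
# the transposition swapping 0 and 1 generates a subgroup of index 3
T2 = generated_subgroup([(1, 0, 2)])

if __name__ == "__main__":
    print("A3 normal:", is_normal(S3, A3), "|S3/A3| =", factor_group_order(S3, A3))
    print("T2 normal:", is_normal(S3, T2),
          "coset product well defined:", coset_product_well_defined(S3, T2))
```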

In some cases, properties of G are preserved in factor groups. 


Lemma 10.1.13. If G is Abelian, then any factor group of G is also Abelian. If G is cyclic, 
then any factor group of G is also cyclic. 


Proof. Suppose that G is Abelian and H is a subgroup of G. H is necessarily normal from 
Lemma 10.1.7, so that we can form the factor group G/H. Let g₁H, g₂H ∈ G/H. Since G is 
Abelian, we have g₁g₂ = g₂g₁. Then in G/H, 


    (g₁H)(g₂H) = (g₁g₂)H = (g₂g₁)H = (g₂H)(g₁H). 


Therefore, G/H is Abelian. 
We leave the proof of the second part to the exercises. 


An extremely important concept has to do with when a group contains no proper 
normal subgroups other than the identity subgroup {1}. 


Definition 10.1.14. A group G ≠ {1} is simple, provided that N ⊲ G implies N = G or N = {1}. 


One of the most outstanding problems in group theory has been to give a complete 
classification of all finite simple groups. In other words, this is the program to discover 
all finite simple groups, and to prove that there are no more to be found. This was ac- 
complished through the efforts of many mathematicians. The proof of this magnificent 
result took thousands of pages. We refer the reader to [30] for a complete discussion of 
this. We give one elementary example: 


Lemma 10.1.15. Any finite group of prime order is simple and cyclic. 


Proof. Suppose that G is a finite group and |G| = p, where p is a prime. Let g ∈ G with 
g ≠ 1. Then ⟨g⟩ is a nontrivial subgroup of G, so its order divides the order of G by 
Lagrange’s theorem. Since g ≠ 1, and p is a prime, we must have |⟨g⟩| = p. Therefore, 
⟨g⟩ is all of G; that is, G = ⟨g⟩; hence, G is cyclic. 

The argument above shows that G has no nontrivial proper subgroups and, there- 
fore, no nontrivial normal subgroups. Therefore, G is simple. 


In the next chapter, we will examine certain other finite simple groups. 


10.2 The Group Isomorphism Theorems 


In Chapter 1, we saw that there was a close relationship between ring homomorphisms 
and factor rings. In particular to each ideal, and consequently to each factor ring, there 
is a ring homomorphism that has that ideal as its kernel. Conversely, to each ring homo- 
morphism, its kernel is an ideal, and the corresponding factor ring is isomorphic to the 
image of the homomorphism. This was formalized in Theorem 1.5.7, which we called the 
ring isomorphism theorem. We now look at the group theoretical analog of this result, 
called the group isomorphism theorem. We will then examine some consequences of this 
result that will be crucial in the Galois theory of fields. 


Definition 10.2.1. If G₁ and G₂ are groups and f : G₁ → G₂ is a group homomorphism, 
then the kernel of f, denoted ker(f), is defined as 


    ker(f) = {g ∈ G₁ : f(g) = 1}. 


That is, the kernel is the set of the elements of G₁ that map onto the identity of G₂. The 
image of f, denoted im(f), is the set of elements of G₂ mapped onto by f from elements 
of G₁. That is, 


    im(f) = {g ∈ G₂ : f(g₁) = g for some g₁ ∈ G₁}. 

Note that if f is a surjection, then im(f) = G₂. 


As with ring homomorphisms the kernel measures how far a homomorphism is 
from being an injection, that is, a one-to-one mapping. 


Lemma 10.2.2. Let G₁ and G₂ be groups and f : G₁ → G₂ a group homomorphism. Then 
f is injective if and only if ker(f) = {1}. 


Proof. Suppose that f is injective. Since f(1) = 1, we always have 1 ∈ ker(f). Suppose 
that g ∈ ker(f). Then f(g) = f(1). Since f is injective, this implies that g = 1; hence, 
ker(f) = {1}. 

Conversely, suppose that ker(f) = {1} and f(g₁) = f(g₂). Then 


    f(g₁)f(g₂)⁻¹ = 1  ⟹  f(g₁g₂⁻¹) = 1  ⟹  g₁g₂⁻¹ ∈ ker(f). 


Then since ker(f) = {1}, we have g₁g₂⁻¹ = 1; hence, g₁ = g₂. Therefore, f is injective. 


We now state the group isomorphism theorem. This is entirely analogous to the ring 
isomorphism theorem replacing ideals by normal subgroups. We note that this theorem 
is sometimes called the first group isomorphism theorem. 


Theorem 10.2.3 (Group isomorphism theorem). (a) Let G₁ and G₂ be groups and f : G₁ → 
G₂ a group homomorphism. Then ker(f) is a normal subgroup of G₁, im(f) is a sub- 
group of G₂, and 


    G₁/ker(f) ≅ im(f). 


(b) Conversely, suppose that N is a normal subgroup of a group G. Then there exists a 
group H and a homomorphism f : G → H such that ker(f) = N, and im(f) = H. 


Proof. We first show (a). Since 1 ∈ ker(f), the kernel is nonempty. Now suppose that 
g₁, g₂ ∈ ker(f). Then f(g₁) = f(g₂) = 1. It follows that f(g₁g₂⁻¹) = f(g₁)(f(g₂))⁻¹ = 1. Hence, 
g₁g₂⁻¹ ∈ ker(f); therefore, ker(f) is a subgroup of G₁. Furthermore, for g ∈ G₁ and 
g₁ ∈ ker(f), we have 


    f(g⁻¹g₁g) = (f(g))⁻¹ f(g₁) f(g) 
             = (f(g))⁻¹ · 1 · f(g) = f(g⁻¹g) = f(1) = 1. 


Hence, g⁻¹g₁g ∈ ker(f) and ker(f) is a normal subgroup. It is straightforward to show 
that im(f) is a subgroup of G₂. Consider the map f̄ : G₁/ker(f) → im(f) defined by 


    f̄(g ker(f)) = f(g). 


We show that this is an isomorphism. 
Suppose that g₁ ker(f) = g₂ ker(f); then g₁g₂⁻¹ ∈ ker(f), so that f(g₁g₂⁻¹) = 1. This 
implies that f(g₁) = f(g₂); hence, the map f̄ is well defined. Now, 


    f̄(g₁ ker(f) g₂ ker(f)) = f̄(g₁g₂ ker(f)) = f(g₁g₂) 
                          = f(g₁)f(g₂) = f̄(g₁ ker(f)) f̄(g₂ ker(f)); 


therefore, f̄ is a homomorphism. Suppose that f̄(g₁ ker(f)) = f̄(g₂ ker(f)); then it follows 
that f(g₁) = f(g₂), and hence g₁ ker(f) = g₂ ker(f). It follows that f̄ is injective. 

Finally, suppose that h ∈ im(f). Then there exists a g ∈ G₁ with f(g) = h. Then 
f̄(g ker(f)) = h, and f̄ is a surjection onto im(f). Therefore, f̄ is an isomorphism, com- 
pleting the proof of part (a). 

Conversely, suppose that N is a normal subgroup of G. Define the map f : G → G/N 
by f(g) = gN for g ∈ G. By the definition of the product in the quotient group G/N, it is 
clear that f is a homomorphism with im(f) = G/N. If g ∈ ker(f), then f(g) = gN = N 
since N is the identity in G/N. However, this implies that g ∈ N; hence, it follows that 
ker(f) = N, completing the proof. 
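As an added example (not from the book), the following Python code checks Theorem 10.2.3 on a concrete homomorphism, the determinant det : GL(2, ℤₚ) → (ℤ/pℤ)* for a small prime p: its kernel is SL(2, ℤₚ), which Lemma 10.1.9 showed to be normal, and the induced map f̄(gK) = det(g) on cosets is well defined, injective and onto the image, so GL(2, ℤₚ)/SL(2, ℤₚ) ≅ (ℤ/pℤ)*. Matrices are stored as tuples of rows; the function names and the sample primes 3 and 5 are this example's own.

```python
# Added example, not from the book: the determinant map
# det: GL(2, Z_p) -> (Z/pZ)^* for a small prime p, checked against the group
# isomorphism theorem.  A matrix is ((a, b), (c, d)) with entries mod p.
from itertools import product


def det(m, p):
    (a, b), (c, d) = m
    return (a * d - b * c) % p


def mul(m, n, p):
    (a, b), (c, d) = m
    (e, f), (g, h) = n
    return (((a * e + b * g) % p, (a * f + b * h) % p),
            ((c * e + d * g) % p, (c * f + d * h) % p))


def inv(m, p):
    """Inverse in GL(2, Z_p): the adjugate times the inverse of det(m) mod p."""
    (a, b), (c, d) = m
    di = pow(det(m, p), -1, p)          # modular inverse (Python 3.8+)
    return (((d * di) % p, (-b * di) % p), ((-c * di) % p, (a * di) % p))


def gl2(p):
    """All invertible 2x2 matrices over Z_p (nonzero determinant)."""
    return [((a, b), (c, d)) for a, b, c, d in product(range(p), repeat=4)
            if (a * d - b * c) % p != 0]


def sl2(p):
    """ker(det) = SL(2, Z_p), the matrices of determinant 1."""
    return [m for m in gl2(p) if det(m, p) == 1]


def det_is_homomorphism(p):
    G = gl2(p)
    return all(det(mul(x, y, p), p) == (det(x, p) * det(y, p)) % p
               for x in G for y in G)


def kernel_is_normal(p):
    """Lemma 10.1.9 / Theorem 10.2.3(a): T^{-1} U T stays in SL(2, Z_p)."""
    return all(det(mul(mul(inv(t, p), u, p), t, p), p) == 1
               for t in gl2(p) for u in sl2(p))


def left_cosets(p):
    """The cosets g SL(2, Z_p), i.e. the elements of GL(2, Z_p)/SL(2, Z_p)."""
    K = sl2(p)
    return {frozenset(mul(g, k, p) for k in K) for g in gl2(p)}


def induced_map_is_bijection(p):
    """f-bar(gK) = det(g) is constant on each coset (well defined), takes
    distinct values on distinct cosets (injective) and hits every nonzero
    residue (onto im(det) = (Z/pZ)^*)."""
    values = []
    for coset in left_cosets(p):
        dets = {det(g, p) for g in coset}
        if len(dets) != 1:
            return False
        values.append(dets.pop())
    return sorted(values) == list(range(1, p))


if __name__ == "__main__":
    p = 3                               # sample prime for this example
    print(len(gl2(p)), len(sl2(p)), len(left_cosets(p)),
          kernel_is_normal(p), induced_map_is_bijection(p))
```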


There are two related theorems that are called the second isomorphism theorem 
and the third isomorphism theorem. 


Theorem 10.2.4 (Second isomorphism theorem). Let N be a normal subgroup of a group 
G and U a subgroup of G. Then U ∩ N is normal in U, and 


    (UN)/N ≅ U/(U ∩ N). 


Proof. From Lemma 10.1.10, we know that U ∩ N is normal in U. We define the map 
α : UN → U/(U ∩ N) by α(un) = u(U ∩ N). If un = u'n', then u'⁻¹u = n'n⁻¹ ∈ U ∩ N. 
Therefore, u'(U ∩ N) = u(U ∩ N); hence, the map α is well defined. 

Suppose that un, u'n' ∈ UN. Since N is normal in G, we have that unu'n' ∈ uu'N. 
Hence, unu'n' = uu'n'' with n'' ∈ N. Then 


    α(unu'n') = α(uu'n'') = uu'(U ∩ N). 

However, U ∩ N is normal in U, so 

    uu'(U ∩ N) = u(U ∩ N) u'(U ∩ N) = α(un) α(u'n'). 


Therefore, α is a homomorphism. We have im(α) = U/(U ∩ N) by definition. Suppose 
that un ∈ ker(α). Then α(un) = U ∩ N ⊂ N, which implies u ∈ N. Therefore, ker(α) = N. 
From the group isomorphism theorem, we then have 


    UN/N ≅ U/(U ∩ N), 


proving the theorem. 
Theorem 10.2.5 (Third isomorphism theorem). Let N and M be normal subgroups of a 
group G with N a subgroup of M. Then M/N is a normal subgroup of G/N, and 


    (G/N)/(M/N) ≅ G/M. 

Proof. Define the map β : G/N → G/M by 
    β(gN) = gM. 


It is straightforward that β is well defined and a homomorphism. If gN ∈ ker(β), then 
β(gN) = gM = M; hence, g ∈ M. It follows that ker(β) = M/N. In particular, this shows 
that M/N is normal in G/N. From the group isomorphism theorem then, 


    (G/N)/(M/N) ≅ G/M. 


For a normal subgroup N in G, the homomorphism f : G — G/N provides a one- 
to-one correspondence between subgroups of G containing N and the subgroups of 
G/N. This correspondence will play a fundamental role in the study of subfields of a 
field. 


Theorem 10.2.6 (Correspondence Theorem). Let N be a normal subgroup of a group G, 
and let f be the corresponding homomorphism f : G → G/N. Then the mapping 


    φ : H ↦ f(H), 


where H is a subgroup of G containing N, provides a one-to-one correspondence between 
all the subgroups of G/N and the subgroups of G containing N. 


Proof. We first show that the mapping φ is surjective. Let H₁ be a subgroup of G/N, and 
let 


    H = {g ∈ G : f(g) ∈ H₁}. 


We show that H is a subgroup of G, and that N ⊂ H. 

If g₁, g₂ ∈ H, then f(g₁) ∈ H₁ and f(g₂) ∈ H₁. Therefore, f(g₁)f(g₂) ∈ H₁; hence, 
f(g₁g₂) ∈ H₁. Therefore, g₁g₂ ∈ H. In an identical fashion, g₁⁻¹ ∈ H. Therefore, H is a 
subgroup of G. If n ∈ N, then f(n) = 1 ∈ H₁; hence, n ∈ H. Therefore, N ⊂ H. Since f is 
onto G/N, every element of H₁ is f(g) for some g ∈ G, and such a g lies in H by the definition 
of H; thus f(H) = H₁, showing that the map φ is surjective. 

Suppose that φ(H₁) = φ(H₂), where H₁ and H₂ are subgroups of G containing N. 
This implies that f(H₁) = f(H₂). Let g₁ ∈ H₁. Then f(g₁) = f(g₂) for some g₂ ∈ H₂. Then 
g₁g₂⁻¹ ∈ ker(f) = N ⊂ H₂. It follows that g₁g₂⁻¹ ∈ H₂ so that g₁ ∈ H₂. Hence, H₁ ⊂ H₂. In a 
similar fashion, H₂ ⊂ H₁; therefore, H₁ = H₂. It follows that φ is injective. 
10.3 Direct Products of Groups 


In this section, we look at a very important construction, the direct product, which al- 
lows us to build new groups out of existing groups. This construction is the analog for 
groups of the direct sum of rings. As an application of this construction, in the next sec- 
tion, we present a theorem, which completely describes the structure of finite Abelian 
groups. 

Let G₁, G₂ be groups and let G be the Cartesian product of G₁ and G₂. That is, 


    G = G₁ × G₂ = {(a, b) : a ∈ G₁, b ∈ G₂}. 

On G, define 

    (a₁, b₁) · (a₂, b₂) = (a₁a₂, b₁b₂). 

With this operation, it is direct to verify the group axioms for G; hence, G becomes a 
group. 


Theorem 10.3.1. Let G₁, G₂ be groups and G the Cartesian product G₁ × G₂ with the op- 
eration defined above. Then G forms a group called the direct product of G₁ and G₂. The 
identity element is (1, 1), and (g, h)⁻¹ = (g⁻¹, h⁻¹). 


This can be iterated to any finite number of groups (also to an infinite number, that 
we will not consider here) G₁, ..., Gₙ, to form the direct product G₁ × G₂ × ··· × Gₙ. 


Theorem 10.3.2. For groups G₁ and G₂, we have G₁ × G₂ ≅ G₂ × G₁, and G₁ × G₂ is Abelian 
if and only if each Gᵢ, i = 1, 2, is Abelian. 


Proof. The map (a, b) ↦ (b, a), where a ∈ G₁, b ∈ G₂, provides an isomorphism G₁ × G₂ → 
G₂ × G₁. 
Suppose that both G₁, G₂ are Abelian. Then if a₁, a₂ ∈ G₁, b₁, b₂ ∈ G₂, we have 


    (a₁, b₁)(a₂, b₂) = (a₁a₂, b₁b₂) = (a₂a₁, b₂b₁) = (a₂, b₂)(a₁, b₁); 


hence, G₁ × G₂ is Abelian. 
Conversely, suppose G₁ × G₂ is Abelian, and suppose that a₁, a₂ ∈ G₁. Then for the 
identity 1 ∈ G₂, we have 


    (a₁a₂, 1) = (a₁, 1)(a₂, 1) = (a₂, 1)(a₁, 1) = (a₂a₁, 1). 


Therefore, a₁a₂ = a₂a₁, and G₁ is Abelian. Similarly, G₂ is Abelian. 


We show next that in G₁ × G₂, there are normal subgroups H₁, H₂ with H₁ ≅ G₁ and 
H₂ ≅ G₂. 

Theorem 10.3.3. Let G = G₁ × G₂. Let H₁ = {(a, 1) : a ∈ G₁} and H₂ = {(1, b) : b ∈ G₂}. Then 
both H₁ and H₂ are normal subgroups of G with G = H₁H₂ and H₁ ∩ H₂ = {1}. Furthermore, 
H₁ ≅ G₁, H₂ ≅ G₂, G/H₁ ≅ G₂, and G/H₂ ≅ G₁. 


Proof. Map G₁ × G₂ onto G₂ by (a, b) ↦ b. It is clear that this map is a homomorphism, and 
that the kernel is H₁ = {(a, 1) : a ∈ G₁}. This establishes that H₁ is a normal subgroup of G, 
and that G/H₁ ≅ G₂. In an identical fashion, we get that G/H₂ ≅ G₁. The map (a, 1) ↦ a 
provides the isomorphism from H₁ onto G₁. 


If the factors are finite, it is easy to find the order of G, x G,. The size of the Cartesian 
product is just the product of the sizes of the factors. 


Lemma 10.3.4. If |G₁| and |G₂| are finite, then |G₁ × G₂| = |G₁||G₂|. 


Now suppose that G is a group with normal subgroups G₁, G₂ such that G = G₁G₂ 
and G₁ ∩ G₂ = {1}. Then we will show that G is isomorphic to the direct product G₁ × G₂. 
In this case, we say that G is the internal direct product of its subgroups, and that G₁, G₂ 
are direct factors of G. 


Theorem 10.3.5. Suppose that G is a group with normal subgroups G₁, G₂ with G = G₁G₂ 
and G₁ ∩ G₂ = {1}. Then G is isomorphic to the direct product G₁ × G₂. 


Proof. Since G = G₁G₂, each element of G has the form ab with a ∈ G₁, b ∈ G₂. This repre- 
sentation as ab is unique as G₁ ∩ G₂ = {1}. We first show that each a ∈ G₁ commutes with 
each b ∈ G₂. Consider the element aba⁻¹b⁻¹. Since G₁ is normal, ba⁻¹b⁻¹ ∈ G₁, which im- 
plies that aba⁻¹b⁻¹ ∈ G₁. Since G₂ is normal, aba⁻¹ ∈ G₂, which implies that aba⁻¹b⁻¹ ∈ G₂. 
Therefore, aba⁻¹b⁻¹ ∈ G₁ ∩ G₂ = {1}; hence, aba⁻¹b⁻¹ = 1, so that ab = ba. 

Now map G onto G₁ × G₂ by f(ab) = (a, b). We claim that this is an isomorphism. It 
is clearly onto. Now 


    f((a₁b₁)(a₂b₂)) = f(a₁a₂b₁b₂) = (a₁a₂, b₁b₂) 
                   = (a₁, b₁)(a₂, b₂) = f(a₁b₁) f(a₂b₂), 


so that f is a homomorphism. The kernel is G₁ ∩ G₂ = {1}, and so f is an isomorphism. 


Although the resulting groups are isomorphic, we call G₁ × G₂ an external direct 
product if we started with the groups G₁, G₂ and constructed G₁ × G₂, and we call G₁ × G₂ 
an internal direct product if we started with a group G having normal subgroups, as in 
the theorem. 


10.4 Finite Abelian Groups 


We now use the results of the last section to present a theorem that completely provides 
the structure of finite Abelian groups. This theorem is a special case of a general result 
on modules that we will examine in detail in Chapter 19. 
Theorem 10.4.1 (Basis theorem for finite Abelian groups). Let G be a finite Abelian group. 
Then G is a direct product of cyclic groups of prime power order. 


Before giving the proof, we give two examples showing how this theorem leads to 
the classification of finite Abelian groups. 

Since all cyclic groups of order n are isomorphic to (ℤₙ, +), we will denote a cyclic 
group of order n by ℤₙ. 


Example 10.4.2. Classify all Abelian groups of order 60. Let G be an Abelian group of 
order 60. From Theorem 10.4.1, G must be a direct product of cyclic groups of prime 
power order. Now 60 = 2² · 3 · 5, so the only primes involved are 2, 3, and 5. Hence, the 
cyclic groups involved in the direct product decomposition of G have order either 2, 4, 3, 
or 5 (by Lagrange’s theorem, they must be divisors of 60). Therefore, G must be of the 
form 


    G = ℤ₄ × ℤ₃ × ℤ₅  or 
    G = ℤ₂ × ℤ₂ × ℤ₃ × ℤ₅. 


Hence, up to isomorphism, there are only two Abelian groups of order 60. 


Example 10.4.3. Classify all Abelian groups of order 180. Now 180 = 2² · 3² · 5, so the only 
primes involved are 2, 3, and 5. Hence, the cyclic groups involved in the direct product 
decomposition of G have order either 2, 4, 3, 9, or 5 (by Lagrange’s theorem, they must 
be divisors of 180). Therefore, G must be of the form 


    G = ℤ₄ × ℤ₉ × ℤ₅, 
    G = ℤ₂ × ℤ₂ × ℤ₉ × ℤ₅, 
    G = ℤ₄ × ℤ₃ × ℤ₃ × ℤ₅,  or 
    G = ℤ₂ × ℤ₂ × ℤ₃ × ℤ₃ × ℤ₅. 


Hence, up to isomorphism, there are four Abelian groups of order 180. 
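The following added example (not from the book) automates the two classifications above: by Theorem 10.4.1 an Abelian group of order n = p₁^{e₁} ··· pₖ^{eₖ} is determined, up to isomorphism, by choosing for each prime pᵢ a partition of the exponent eᵢ, each part j of the partition contributing a factor ℤ_{pᵢ^j}. The code enumerates those choices for any n, not just 60 and 180; the function names are this example's own.

```python
# Added example, not from the book: enumerating the Abelian groups of order n
# up to isomorphism, as done by hand in Examples 10.4.2 and 10.4.3.
# By Theorem 10.4.1 such a group is a direct product of cyclic groups of
# prime power order, so for n = p1^e1 ... pk^ek the possible groups correspond
# to choosing, independently for each prime p_i, a partition of the exponent
# e_i: the parts j of the partition give the cyclic factors Z_{p_i^j}.
from itertools import product


def factorize(n):
    """Prime factorization {p: e} by trial division (n is small here)."""
    f, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            f[d] = f.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f


def partitions(n, largest=None):
    """All partitions of n as non-increasing tuples; e.g. 2 -> (2,), (1, 1)."""
    if n == 0:
        yield ()
        return
    if largest is None or largest > n:
        largest = n
    for first in range(largest, 0, -1):
        for rest in partitions(n - first, first):
            yield (first,) + rest


def abelian_groups(n):
    """Every Abelian group of order n, one tuple of cyclic factor orders
    (each a prime power) per isomorphism class."""
    choices = [[tuple(p ** j for j in part) for part in partitions(e)]
               for p, e in factorize(n).items()]
    return [tuple(m for part in combo for m in part)
            for combo in product(*choices)]


def describe(factors):
    """Render a factor tuple in the book's notation, e.g. 'Z_4 x Z_3 x Z_5'."""
    return " x ".join(f"Z_{m}" for m in factors)


if __name__ == "__main__":
    for n in (60, 180):
        print(n, [describe(g) for g in abelian_groups(n)])
```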
The proof of Theorem 10.4.1 involves the following lemmas: 


Lemma 10.4.4. Let G be a finite Abelian group, and let p | |G|, where p is a prime. Then 
all the elements of G, whose orders are a power of p, form a normal subgroup of G. This 
subgroup is called the p-primary component of G, which we will denote by Gₚ. 


Proof. Let p be a prime with p | |G|, and let a and b be two elements of G of order a power 
of p. Since G is Abelian, the order of ab divides the lcm of the orders (Lemma 9.5.12), which 
is again a power of p. Therefore, ab ∈ Gₚ. The order of a⁻¹ is the same as the order of a, so 
a⁻¹ ∈ Gₚ; therefore, Gₚ is a subgroup. 


Lemma 10.4.5. Let G be a finite Abelian group of order n. Suppose that n = p₁^{e₁} ··· pₖ^{eₖ} with 
p₁, ..., pₖ distinct primes. Then 


    G = G_{p₁} × G_{p₂} × ··· × G_{pₖ}, 


where G_{pᵢ} is the pᵢ-primary component of G. 


Proof. Each G_{pᵢ} is normal since G is Abelian, and since distinct primes are relatively 
prime, the intersection of the G_{pᵢ} is the identity. Therefore, Lemma 10.4.5 will follow by 
showing that each element of G is a product of elements in the G_{pᵢ}. 

Let g ∈ G. Then the order of g is p₁^{f₁} ··· pₖ^{fₖ}. We write this as pᵢ^{fᵢ} mᵢ with (mᵢ, pᵢ) = 1. Then 
g^{mᵢ} has order pᵢ^{fᵢ} and, hence, is in G_{pᵢ}. Now since p₁, ..., pₖ are distinct primes, the 
integers m₁, ..., mₖ have no common prime factor, so there exist integers M₁, ..., Mₖ with 


    M₁m₁ + ··· + Mₖmₖ = 1; 

hence, 

    g = g^{M₁m₁ + ··· + Mₖmₖ} = (g^{m₁})^{M₁} ··· (g^{mₖ})^{Mₖ}. 


Therefore, g is a product of elements in the G_{pᵢ}. 


We next need the concept of a basis. Let G be any finitely generated Abelian group 
(finite or infinite), and let g₁, ..., gₖ be a set of generators for G. The generators g₁, ..., gₖ 
form a basis if 


    G = ⟨g₁⟩ × ··· × ⟨gₖ⟩, 


that is, G is the direct product of the cyclic subgroups generated by the gᵢ. The basis 
theorem for finite Abelian groups says that any finite Abelian group has a basis. Suppose 
that G is a finite Abelian group with a basis g₁, ..., gₖ so that G = ⟨g₁⟩ × ··· × ⟨gₖ⟩. Since 
G is finite, each gᵢ has finite order, say mᵢ. It follows then, from the fact that G is a direct 
product, that each g ∈ G can be expressed as 


    g = g₁^{n₁} g₂^{n₂} ··· gₖ^{nₖ}, 


and, furthermore, the integers n₁, ..., nₖ are unique modulo the order of gᵢ. Hence, each 
integer nᵢ can be chosen in the range 0, 1, ..., mᵢ − 1, and within this range for the element 
g, the integer nᵢ is unique. 

From the previous lemma, each finite Abelian group splits into a direct product of its $p$-primary components for the different primes $p$ dividing its order. Hence, to complete the proof of the basis theorem, we must show that any finite Abelian group of order $p^m$ for some prime $p$ has a basis. We call an Abelian group of order $p^m$ an Abelian $p$-group.

Consider an Abelian group $G$ of order $p^m$ for a prime $p$. It is somewhat easier to complete the proof if we consider the group using additive notation. That is, the operation is written $+$, the identity as $0$, and powers become multiples. Hence, if an element $g \in G$ has order $p^k$, then in additive notation, $p^k g = 0$.

A set of elements $g_1, \ldots, g_k$ is then a basis for $G$ if each $g \in G$ can be expressed uniquely as $g = m_1 g_1 + \cdots + m_k g_k$, where the $m_i$ are unique modulo the order of $g_i$. We say that $g_1, \ldots, g_k$ are independent if whenever $m_1 g_1 + \cdots + m_k g_k = 0$, then $m_i \equiv 0$ modulo the order of $g_i$ for each $i$; a generating set is a basis exactly when it is independent. We now prove that any Abelian $p$-group has a basis.


Lemma 10.4.6. Let $G$ be a finite Abelian group of prime power order $p^n$ for some prime $p$. Then $G$ is a direct product of cyclic groups.

Notice that in the group $G$, we have $p^n g = 0$ for all $g \in G$ as a consequence of Lagrange's theorem. Furthermore, every element has as its order a power of $p$. The smallest power of $p$, say $p^r$, such that $p^r g = 0$ for all $g \in G$ is called the exponent of $G$. Any finite Abelian $p$-group has some exponent $p^r$ with $r \le n$.


Proof. The proof of this lemma is by induction on the exponent.

The lowest possible exponent is $p$. So, first, suppose that $pg = 0$ for all $g \in G$. Since $G$ is finite, it has a finite system of generators. Let $S = \{g_1, \ldots, g_k\}$ be a minimal set of generators for $G$. We claim that this is a basis. Since this is a set of generators, to show that it is a basis, we must show that its elements are independent. Hence, suppose that we have

$$m_1 g_1 + \cdots + m_k g_k = 0 \tag{10.1}$$

for some set of integers $m_i$. Since the order of each $g_i$ is $p$, as explained above, we may assume that $0 \le m_i < p$ for $i = 1, \ldots, k$. Suppose that one $m_i \neq 0$.

Then $(m_i, p) = 1$; hence, there exists an $x_i$ with $m_i x_i \equiv 1 \pmod p$ (see Chapter 4). Multiplying the equation (10.1) by $x_i$, we get, modulo $p$,

$$m_1 x_i g_1 + \cdots + g_i + \cdots + m_k x_i g_k = 0,$$

and rearranging,

$$g_i = -\sum_{j \neq i} m_j x_i g_j .$$

But then $g_i$ can be expressed in terms of the other $g_j$; therefore, the set $\{g_1, \ldots, g_k\}$ is not minimal. It follows that $g_1, \ldots, g_k$ constitute a basis, and the lemma is true for the exponent $p$.

Now suppose that any finite Abelian $p$-group of exponent at most $p^{n-1}$ has a basis, and assume that $G$ has exponent $p^n$ with $n \ge 2$. Consider the set $\bar{G} = pG = \{pg : g \in G\}$. It is straightforward that this forms a subgroup (see exercises). Since $p^n g = 0$ for all $g \in G$, it follows that $p^{n-1}(pg) = 0$ for all $pg \in \bar{G}$, and so the exponent of $\bar{G}$ is at most $p^{n-1}$. By the inductive hypothesis, $\bar{G}$ has a basis

$$\bar{S} = \{pg_1, \ldots, pg_k\}.$$
Consider the set $\{g_1, \ldots, g_k\}$, and adjoin to this set the set of all elements $h \in G$ satisfying $ph = 0$. Call this set $S_1$, so that we have

$$S_1 = \{g_1, \ldots, g_k, h_1, \ldots, h_t\}.$$

We claim that $S_1$ is a set of generators for $G$. Let $g \in G$. Then $pg \in \bar{G}$, which has the basis $pg_1, \ldots, pg_k$, so that

$$pg = m_1 pg_1 + \cdots + m_k pg_k.$$

This implies that

$$p(g - m_1 g_1 - \cdots - m_k g_k) = 0,$$

so that $g - m_1 g_1 - \cdots - m_k g_k$ must be one of the $h_i$. Hence,

$$g - m_1 g_1 - \cdots - m_k g_k = h_i, \quad \text{so that} \quad g = m_1 g_1 + \cdots + m_k g_k + h_i,$$

proving the claim.
Now $S_1$ is finite, so there is a minimal subset of $S_1$ that is still a generating system for $G$. Call this $S_0$, and suppose that $S_0$, renumbering if necessary, is

$$S_0 = \{g_1, \ldots, g_r, h_1, \ldots, h_s\} \quad \text{with } ph_i = 0 \text{ for } i = 1, \ldots, s.$$

The subgroup generated by $h_1, \ldots, h_s$ has exponent $p$. Therefore, by the inductive hypothesis (the exponent-$p$ case already proved), it has a basis. We may assume then that $h_1, \ldots, h_s$ is a basis for this subgroup and, hence, is independent. We claim now that $g_1, \ldots, g_r, h_1, \ldots, h_s$ are independent and, hence, form a basis for $G$.

Suppose that

$$m_1 g_1 + \cdots + m_r g_r + n_1 h_1 + \cdots + n_s h_s = 0 \tag{10.2}$$

for some integers $m_1, \ldots, m_r, n_1, \ldots, n_s$. Each $m_i$ and each $n_j$ must be divisible by $p$. Suppose, for example, that some $m_i$ is not. Then $(m_i, p) = 1$, and hence $(m_i, p^n) = 1$. This implies that there exists an $x_i$ with $m_i x_i \equiv 1 \pmod{p^n}$. Multiplying (10.2) through by $x_i$ and rearranging (recall that $p^n$ annihilates $G$), we then obtain

$$g_i = -\sum_{j \neq i} m_j x_i g_j - \sum_{j=1}^{s} n_j x_i h_j .$$

Therefore, $g_i$ can be expressed in terms of the remaining elements of $S_0$, contradicting the minimality of $S_0$. An identical argument works if some $n_j$ is not divisible by $p$. Therefore, the relation (10.2) takes the form

$$a_1 p g_1 + \cdots + a_r p g_r + b_1 p h_1 + \cdots + b_s p h_s = 0. \tag{10.3}$$
Each of the terms $ph_j = 0$, so that (10.3) becomes

$$a_1 p g_1 + \cdots + a_r p g_r = 0.$$

The elements $pg_1, \ldots, pg_r$ belong to the basis $\bar{S}$ of $\bar{G}$ and, hence, are independent; so $a_i (pg_i) = 0$ for each $i$, that is, $m_i = a_i p \equiv 0$ modulo the order of $g_i$. Now (10.2) becomes

$$n_1 h_1 + \cdots + n_s h_s = 0.$$

However, $h_1, \ldots, h_s$ are independent, so each $n_j \equiv 0 \pmod p$, which is $0$ modulo the order of $h_j$. This completes the claim. Therefore, the whole group $G$ has a basis, proving the lemma by induction.


For more details see the proof of the general result on modules over principal ideal 
domains later in the book. There is also an additional elementary proof for the basis 
theorem for finitely generated Abelian groups. 


10.5 Some Properties of Finite Groups 


Classification is an extremely important concept in algebra. A large part of the theory is devoted to classifying all structures of a given type, for example all UFDs. In most cases, this is not possible. Since for a given finite $n$ there are only finitely many group tables, it is theoretically possible to classify all groups of order $n$. However, even for small $n$, this becomes impractical. We close the chapter by looking at some further results on finite groups, and then using these to classify all the finite groups up to order 10.

Before stating the classification, we give some further examples of groups that are 
needed. 


Example 10.5.1. In Example 9.2.6, we saw that the symmetry group of an equilateral triangle has 6 elements and is generated by elements $r$ and $f$, which satisfy the relations $r^3 = f^2 = 1$, $f^{-1} r f = r^{-1}$, where $r$ is a rotation of $120^\circ$ about the center of the triangle, and $f$ is a reflection through an altitude. This was called the dihedral group $D_3$ of order 6.

This can be generalized to any regular $n$-gon, $n \ge 3$. If $D$ is a regular $n$-gon, then the symmetry group $D_n$ has $2n$ elements, and is called the dihedral group of order $2n$. It is generated by elements $r$ and $f$, which satisfy the relations $r^n = f^2 = 1$, $f^{-1} r f = r^{-1}$, where $r$ is a rotation of $\frac{360^\circ}{n}$ about the center of the $n$-gon, and $f$ is a reflection.

Hence, $D_4$, the symmetries of a square, has order 8, and $D_5$, the symmetries of a regular pentagon, has order 10.


Example 10.5.2. Let $i, j, k$ be the generators of the quaternions. Then we have

$$i^2 = j^2 = k^2 = -1, \quad (-1)^2 = 1, \quad \text{and} \quad ijk = -1.$$

The eight elements $\pm 1, \pm i, \pm j, \pm k$ then form a group of order 8 called the quaternion group, denoted by $Q$. Since $ijk = -1$, we have $ij = k = -ji$, and the generators $i$ and $j$ satisfy the relations

$$i^4 = j^4 = 1, \quad i^2 = j^2, \quad j^{-1} i j = i^{-1}.$$
We now state the main classification, and then prove it in a series of lemmas.

Theorem 10.5.3. Let $G$ be a finite group.
(a) If $|G| = 2$, then $G \cong \mathbb{Z}_2$.
(b) If $|G| = 3$, then $G \cong \mathbb{Z}_3$.
(c) If $|G| = 4$, then $G \cong \mathbb{Z}_4$, or $G \cong \mathbb{Z}_2 \times \mathbb{Z}_2$.
(d) If $|G| = 5$, then $G \cong \mathbb{Z}_5$.
(e) If $|G| = 6$, then $G \cong \mathbb{Z}_6 \cong \mathbb{Z}_2 \times \mathbb{Z}_3$, or $G \cong D_3$, the dihedral group with 6 elements. (Note $D_3 \cong S_3$, the symmetric group on 3 symbols.)
(f) If $|G| = 7$, then $G \cong \mathbb{Z}_7$.
(g) If $|G| = 8$, then $G \cong \mathbb{Z}_8$, or $G \cong \mathbb{Z}_4 \times \mathbb{Z}_2$, or $G \cong \mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_2$, or $G \cong D_4$, the dihedral group of order 8, or $G \cong Q$, the quaternion group.
(h) If $|G| = 9$, then $G \cong \mathbb{Z}_9$, or $G \cong \mathbb{Z}_3 \times \mathbb{Z}_3$.
(i) If $|G| = 10$, then $G \cong \mathbb{Z}_{10} \cong \mathbb{Z}_2 \times \mathbb{Z}_5$, or $G \cong D_5$, the dihedral group with 10 elements.


Recall from Section 10.1 that a finite group of prime order must be cyclic. Hence, in the theorem, the cases $|G| = 2, 3, 5, 7$ are handled. We next consider the case where $G$ has order $p^2$, where $p$ is a prime.


Definition 10.5.4. If $G$ is a group, then its center, denoted $Z(G)$, is the set of elements in $G$ that commute with everything in $G$. That is,

$$Z(G) = \{g \in G : gh = hg \text{ for all } h \in G\}.$$

Lemma 10.5.5. For any group $G$ the following hold:
(a) The center $Z(G)$ is a normal subgroup.
(b) $G = Z(G)$ if and only if $G$ is Abelian.
(c) If $G/Z(G)$ is cyclic, then $G$ is Abelian.

Proof. (a) and (b) are direct, and we leave them to the exercises. Consider the case where $G/Z(G)$ is cyclic, generated by the coset $gZ(G)$. Then each coset of $Z(G)$ has the form $g^t Z(G)$ for some integer $t$. Let $a, b \in G$. Then, since $a, b$ lie in cosets of the center, we have $a = g^m u$ and $b = g^n v$ with $u, v \in Z(G)$. Then

$$ab = (g^m u)(g^n v) = (g^m g^n)(uv) = (g^n g^m)(vu) = (g^n v)(g^m u) = ba,$$

since $u, v$ commute with everything. Therefore, $G$ is Abelian.


A $p$-group is any finite group of prime power order $p^k$. We need the following result; its proof is based on what is called the class equation, which we will prove in Chapter 13.

Lemma 10.5.6. A nontrivial finite $p$-group has a nontrivial center, of order at least $p$.
Lemma 10.5.7. If $|G| = p^2$ with $p$ a prime, then $G$ is Abelian; hence we have $G \cong \mathbb{Z}_{p^2}$ or $G \cong \mathbb{Z}_p \times \mathbb{Z}_p$.

Proof. Suppose that $|G| = p^2$. Then from the previous lemma, $G$ has a nontrivial center; hence, $|Z(G)| = p$ or $|Z(G)| = p^2$. If $|Z(G)| = p^2$, then $G = Z(G)$, and $G$ is Abelian. If $|Z(G)| = p$, then $|G/Z(G)| = p$. Since $p$ is a prime, this implies that $G/Z(G)$ is cyclic; hence, from Lemma 10.5.5, $G$ is Abelian. The two possible structures then follow from the basis theorem for finite Abelian groups.

Lemma 10.5.7 handles the cases $n = 4$ and $n = 9$. Therefore, if $|G| = 4$, we must have $G \cong \mathbb{Z}_4$ or $G \cong \mathbb{Z}_2 \times \mathbb{Z}_2$, and if $|G| = 9$, we must have $G \cong \mathbb{Z}_9$ or $G \cong \mathbb{Z}_3 \times \mathbb{Z}_3$. This leaves $n = 6, 8, 10$. We next handle the cases 6 and 10.


Lemma 10.5.8. If $G$ is any group in which every nontrivial element has order 2, then $G$ is Abelian.

Proof. Suppose that $g^2 = 1$ for all $g \in G$. This implies that $g = g^{-1}$ for all $g \in G$. Let $a, b$ be arbitrary elements of $G$. Then

$$(ab)^2 = 1 \implies abab = 1 \implies ab = b^{-1} a^{-1} = ba.$$

Therefore, $a, b$ commute, and $G$ is Abelian.


Lemma 10.5.9. If $|G| = 6$, then $G \cong \mathbb{Z}_6$ or $G \cong D_3$.

Proof. Since $6 = 2 \cdot 3$, if $G$ is Abelian, then $G \cong \mathbb{Z}_2 \times \mathbb{Z}_3$ by the basis theorem. Notice that if an Abelian group has an element of order $m$ and an element of order $n$ with $(n, m) = 1$, then it has an element of order $mn$. Therefore, for order 6, if $G$ is Abelian, there is an element of order 6; hence, $G \cong \mathbb{Z}_2 \times \mathbb{Z}_3 \cong \mathbb{Z}_6$.

Now suppose that $G$ is non-Abelian. The nontrivial elements of $G$ have orders 2, 3, or 6. If there is an element of order 6, then $G$ is cyclic, and hence Abelian. If every nontrivial element has order 2, then $G$ is Abelian by Lemma 10.5.8. Therefore, there is an element of order 3, say $g \in G$. The cyclic subgroup $\langle g \rangle = \{1, g, g^2\}$ then has index 2 in $G$ and is, therefore, normal. Let $h \in G$ with $h \notin \langle g \rangle$. Since $g$ and $g^2$ both generate $\langle g \rangle$, we must have $\langle g \rangle \cap \langle h \rangle = \{1\}$. If $h$ also had order 3, then $\langle g \rangle \langle h \rangle$ would be a subgroup (because $\langle g \rangle$ is normal) with

$$|\langle g \rangle \langle h \rangle| = \frac{|\langle g \rangle| \, |\langle h \rangle|}{|\langle g \rangle \cap \langle h \rangle|} = \frac{3 \cdot 3}{1} = 9,$$

which is impossible in a group of order 6. Therefore, $h$ must have order 2.

Since $\langle g \rangle$ is normal, we have $h^{-1} g h = g^t$ for $t = 1$ or $t = 2$. If $h^{-1} g h = g$, then $g, h$ commute, and since they generate $G$, the group $G$ is Abelian. Therefore, $h^{-1} g h = g^2 = g^{-1}$. It follows that $g, h$ generate a subgroup of $G$ satisfying

$$g^3 = h^2 = 1, \quad h^{-1} g h = g^{-1}.$$

This defines a group of order 6 isomorphic to $D_3$ and, hence, must be all of $G$.
Lemma 10.5.10. If $|G| = 10$, then $G \cong \mathbb{Z}_{10}$ or $G \cong D_5$.

Proof. The proof is almost identical to that for $n = 6$. Since $10 = 2 \cdot 5$, if $G$ is Abelian, then $G \cong \mathbb{Z}_2 \times \mathbb{Z}_5 \cong \mathbb{Z}_{10}$.

Now suppose that $G$ is non-Abelian. As for $n = 6$, $G$ must contain a normal cyclic subgroup of order 5, say $\langle g \rangle = \{1, g, g^2, g^3, g^4\}$. If $h \notin \langle g \rangle$, then exactly as for $n = 6$, it follows that $h$ must have order 2, and $h^{-1} g h = g^t$ for some $t = 1, 2, 3, 4$. If $h^{-1} g h = g$, then $g, h$ commute, and $G$ is Abelian. Notice that $h^{-1} = h$. Suppose that $h^{-1} g h = hgh = g^2$. Then

$$g = h(hgh)h = h g^2 h = (hgh)^2 = (g^2)^2 = g^4,$$

so $g^3 = 1$; since $g$ has order 5 and $(3, 5) = 1$, this forces $g = 1$, which is a contradiction. Similarly, $hgh = g^3$ leads to a contradiction. Therefore, $h^{-1} g h = g^4 = g^{-1}$, and $g, h$ generate a subgroup of order 10 satisfying

$$g^5 = h^2 = 1, \quad h^{-1} g h = g^{-1}.$$

Therefore, this is all of $G$, and $G$ is isomorphic to $D_5$.


This leaves the case $n = 8$, the most difficult. If $|G| = 8$ and $G$ is Abelian, then clearly, by the basis theorem, $G \cong \mathbb{Z}_8$, or $G \cong \mathbb{Z}_4 \times \mathbb{Z}_2$, or $G \cong \mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_2$. The proof of Theorem 10.5.3 is then completed with the following:

Lemma 10.5.11. If $G$ is a non-Abelian group of order 8, then $G \cong D_4$ or $G \cong Q$.

Proof. The nontrivial elements of $G$ have orders 2, 4, or 8. If there is an element of order 8, then $G$ is cyclic, and hence Abelian, whereas if every nontrivial element has order 2, then $G$ is Abelian by Lemma 10.5.8. Hence, we may assume that $G$ has an element of order 4, say $g$. Then $\langle g \rangle$ has index 2 and is a normal subgroup. First, suppose that $G$ has an element $h \notin \langle g \rangle$ of order 2. Then

$$h^{-1} g h = g^t \quad \text{for some } t = 1, 2, 3.$$

If $h^{-1} g h = g$, then as in the cases 6 and 10, $\langle g, h \rangle$ is an Abelian subgroup of order 8; hence, $G$ is Abelian. If $h^{-1} g h = g^2$, then, using $h^2 = 1$,

$$g = h^{-1}(h^{-1} g h)h = h^{-1} g^2 h = (h^{-1} g h)^2 = (g^2)^2 = g^4 = 1,$$

contradicting the fact that $g$ has order 4. Therefore, $h^{-1} g h = g^3 = g^{-1}$. It follows that $g, h$ generate a subgroup of order 8 satisfying $g^4 = h^2 = 1$, $h^{-1} g h = g^{-1}$, which is isomorphic to $D_4$. Since $|G| = 8$, this must be all of $G$, and $G \cong D_4$.

Therefore, we may now assume that every element $h \in G$ with $h \notin \langle g \rangle$ has order 4. Let $h$ be such an element. Then $h^2$ has order 2, so $h^2 \in \langle g \rangle$ by our assumption, which implies that $h^2 = g^2$, the only element of order 2 in $\langle g \rangle$. This further implies that $g^2$ is central; that is, it commutes with everything, since it commutes with both $g$ and $h$, and these generate $G$. As before, $h^{-1} g h = g^t$ with $t \in \{1, 3\}$ (conjugation preserves order, and $t = 1$ would make $G$ Abelian), so $h^{-1} g h = g^{-1}$. Identifying $g$ with $i$, $h$ with $j$, and $g^2 = h^2$ with $-1$, we get that $G$ is isomorphic to $Q$, completing Lemma 10.5.11 and the proof of Theorem 10.5.3.
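The two non-Abelian groups of order 8, built concretely as an added example (not code from the book): $D_4$ as permutations of the four vertices of a square and $Q$ as the quaternion units. The script assumes its own models (vertex numbering $0$ to $3$, quaternions as 4-tuples) and computes the order statistics the proof of Lemma 10.5.11 turns on: $D_4$ has an element of order 2 outside $\langle g \rangle$ (five elements of order 2 in all), while in $Q$ every element outside $\langle i \rangle$ has order 4 and $-1$ is the only element of order 2. It also checks the defining relations used above.

```python
# Added example, not from the text: concrete models of the two non-Abelian
# groups of order 8 from Lemma 10.5.11.  D_4 acts on the vertices 0..3 of a
# square; Q is built from the quaternion units +-1, +-i, +-j, +-k stored as
# 4-tuples (a, b, c, d) standing for a + bi + cj + dk.

def compose(p, q):
    """Permutation product pq: apply q first, then p."""
    return tuple(p[q[x]] for x in range(len(p)))

def quat_mul(x, y):
    """Hamilton product of quaternions (a, b, c, d)."""
    a1, b1, c1, d1 = x
    a2, b2, c2, d2 = y
    return (a1*a2 - b1*b2 - c1*c2 - d1*d2,
            a1*b2 + b1*a2 + c1*d2 - d1*c2,
            a1*c2 - b1*d2 + c1*a2 + d1*b2,
            a1*d2 + b1*c2 - c1*b2 + d1*a2)

def closure(generators, mul):
    """All products of the generators; in a finite group this is the
    subgroup they generate (inverses are positive powers)."""
    elems, frontier = set(generators), list(generators)
    while frontier:
        new = []
        for x in frontier:
            for g in generators:
                y = mul(x, g)
                if y not in elems:
                    elems.add(y)
                    new.append(y)
        frontier = new
    return elems

def element_order(x, mul, identity):
    k, y = 1, x
    while y != identity:
        y, k = mul(y, x), k + 1
    return k

def order_statistics(elems, mul, identity):
    """{order: number of elements of that order}."""
    stats = {}
    for x in elems:
        o = element_order(x, mul, identity)
        stats[o] = stats.get(o, 0) + 1
    return dict(sorted(stats.items()))

def is_abelian(elems, mul):
    return all(mul(x, y) == mul(y, x) for x in elems for y in elems)

def center(elems, mul):
    return {z for z in elems if all(mul(z, x) == mul(x, z) for x in elems)}

# D_4: r rotates the square by 90 degrees, f reflects it through a diagonal.
R, F, ID_PERM = (1, 2, 3, 0), (0, 3, 2, 1), (0, 1, 2, 3)
D4 = closure([R, F], compose)

# Q: generated by i and j; -1 = i^2 = j^2.
I, J, ONE = (0, 1, 0, 0), (0, 0, 1, 0), (1, 0, 0, 0)
Q8 = closure([I, J], quat_mul)

def d4_summary():
    """(order, Abelian?, order statistics) of D_4."""
    return (len(D4), is_abelian(D4, compose), order_statistics(D4, compose, ID_PERM))

def q8_summary():
    """(order, Abelian?, order statistics) of Q."""
    return (len(Q8), is_abelian(Q8, quat_mul), order_statistics(Q8, quat_mul, ONE))

def relations_hold():
    """f r f^{-1} = r^{-1} in D_4; j^{-1} i j = i^{-1} and i^2 = j^2 = -1 in Q."""
    r_inv = compose(compose(R, R), R)              # r^3 = r^{-1}
    d4_ok = compose(compose(F, R), F) == r_inv     # f = f^{-1}
    minus_i, j_inv = (0, -1, 0, 0), (0, 0, -1, 0)  # j^{-1} = -j
    q_ok = (quat_mul(quat_mul(j_inv, I), J) == minus_i
            and quat_mul(I, I) == quat_mul(J, J) == (-1, 0, 0, 0))
    return d4_ok and q_ok

if __name__ == "__main__":
    print(d4_summary())   # (8, False, {1: 1, 2: 5, 4: 2})
    print(q8_summary())   # (8, False, {1: 1, 2: 1, 4: 6})
```

The differing counts of elements of order 2 (five against one) show at once that $D_4 \not\cong Q$, even though both are non-Abelian of order 8 with a center of order 2.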


In principle, this type of analysis can be used to determine the structure of any finite group, although it quickly becomes impractical. A major tool in this classification is the following important result, known as the Sylow theorem, which we just state here; we will prove it in Chapter 13. If $|G| = p^m n$ with $p$ a prime and $(n, p) = 1$, then a subgroup of $G$ of order $p^m$ is called a $p$-Sylow subgroup. It is not clear at first that a group will contain $p$-Sylow subgroups.

Theorem 10.5.12 (Sylow theorem). Let $|G| = p^m n$ with $p$ a prime and $(n, p) = 1$.
(a) $G$ contains a $p$-Sylow subgroup.
(b) All $p$-Sylow subgroups of $G$ are conjugate.
(c) Any $p$-subgroup of $G$ is contained in a $p$-Sylow subgroup.
(d) The number of $p$-Sylow subgroups of $G$ is of the form $1 + pk$ and divides $n$.


10.6 Automorphisms of a Group

Let $G$ be a group. A homomorphism $f : G \to G$ is called an automorphism of $G$ if $f$ is bijective. Let $\mathrm{Aut}(G)$ be the set of all automorphisms of $G$.

Theorem 10.6.1. $\mathrm{Aut}(G)$ is a group under composition of maps.

Proof. The identity map $1$ is the identity of $\mathrm{Aut}(G)$. Let $f, g \in \mathrm{Aut}(G)$. Then certainly $fg \in \mathrm{Aut}(G)$, since a composition of bijective homomorphisms is again a bijective homomorphism. Now

$$f^{-1}(ab) = f^{-1}\bigl(f(f^{-1}(a)) \, f(f^{-1}(b))\bigr) = f^{-1}\bigl(f(f^{-1}(a) f^{-1}(b))\bigr) = f^{-1}(a) f^{-1}(b)$$

for $a, b \in G$, because $f \in \mathrm{Aut}(G)$. Hence, $f^{-1} \in \mathrm{Aut}(G)$.


A special kind of automorphism of $G$ is the following: Let $a \in G$, and define

$$i_a : G \to G, \quad i_a(x) = a x a^{-1}.$$

By Lemma 10.1.3, we have that $i_a \in \mathrm{Aut}(G)$.

Definition 10.6.2. $i_a$ is called the inner automorphism of $G$ induced by $a$. Let $\mathrm{Inn}(G)$ be the set of all inner automorphisms of $G$.

Theorem 10.6.3. The map $\varphi : G \to \mathrm{Aut}(G)$, $a \mapsto i_a$, is a homomorphism with image $\varphi(G) = \mathrm{Inn}(G)$; that is, $\varphi : G \to \mathrm{Inn}(G)$ is an epimorphism (a surjective homomorphism).

Proof. Certainly $\varphi(G) = \mathrm{Inn}(G)$. For $x \in G$ we have

$$\varphi(a)\varphi(b)(x) = i_a(i_b(x)) = i_a(b x b^{-1}) = a b x b^{-1} a^{-1} = (ab) x (ab)^{-1} = i_{ab}(x) = \varphi(ab)(x),$$

that is, $\varphi(ab) = \varphi(a)\varphi(b)$.
Theorem 10.6.4. $\mathrm{Inn}(G)$ is a normal subgroup of $\mathrm{Aut}(G)$; that is, $\mathrm{Inn}(G) \trianglelefteq \mathrm{Aut}(G)$.

Proof. From Theorem 10.6.3, $\mathrm{Inn}(G)$ is the homomorphic image $\varphi(G)$ of $G$. Therefore, $\mathrm{Inn}(G)$ is a subgroup of $\mathrm{Aut}(G)$. Let $f \in \mathrm{Aut}(G)$. Then, for $x \in G$,

$$f i_a f^{-1}(x) = f\bigl(a f^{-1}(x) a^{-1}\bigr) = f(a) \, f(f^{-1}(x)) \, f(a^{-1}) = f(a) \, x \, f(a)^{-1} = i_{f(a)}(x),$$

that is, $f i_a f^{-1} = i_{f(a)} \in \mathrm{Inn}(G)$.

We now consider the kernel $\ker(\varphi)$ of the map $\varphi : G \to \mathrm{Aut}(G)$, $a \mapsto i_a$. We have

$$\ker(\varphi) = \{a \in G : i_a(x) = x \text{ for all } x \in G\} = \{a \in G : a x a^{-1} = x \text{ for all } x \in G\}.$$

Hence, $\ker(\varphi) = Z(G)$, the center of $G$. Now, from Theorem 10.2.3, we get the following:

Theorem 10.6.5. For a group $G$ we have $\mathrm{Inn}(G) \cong G/Z(G)$.


Let $G$ be a group and $f \in \mathrm{Aut}(G)$. If $a \in G$ has order $n$, then $f(a)$ also has order $n$; if $a \in G$ has infinite order, then $f(a)$ also has infinite order.

Example 10.6.6. Let $V = \mathbb{Z}_2 \times \mathbb{Z}_2$; that is, $V$ has four elements $1, a, b$, and $ab$ with $a^2 = b^2 = (ab)^2 = 1$.

$V$ is often called the Klein four group. An automorphism of $V$ permutes the three elements $a, b$, and $ab$ of order 2, and each permutation of $\{a, b, ab\}$ defines an automorphism of $V$. Hence, $\mathrm{Aut}(V) \cong S_3$.

Example 10.6.7. We have $S_3 \cong \mathrm{Inn}(S_3) = \mathrm{Aut}(S_3)$. By Theorem 10.6.5, $S_3 \cong \mathrm{Inn}(S_3)$, because $Z(S_3) = \{1\}$. Now, let $f \in \mathrm{Aut}(S_3)$. Analogously to Example 10.6.6, the automorphism $f$ permutes the three transpositions $(1, 2)$, $(1, 3)$, and $(2, 3)$, and is determined by that permutation.

This gives $|\mathrm{Aut}(S_3)| \le |S_3| = 6$, because $S_3$ is generated by these transpositions. From $S_3 \cong \mathrm{Inn}(S_3) \le \mathrm{Aut}(S_3)$, we have $|\mathrm{Aut}(S_3)| \ge 6$.

Hence, $\mathrm{Aut}(S_3) = \mathrm{Inn}(S_3) \cong S_3$.

Example 10.6.8. Let $G_n = \langle g \rangle \cong (\mathbb{Z}_n, +)$, $n \in \mathbb{N}$, be a cyclic group of order $n$.

If $f \in \mathrm{Aut}(G_n)$, then $G_n = \langle f(g) \rangle = \langle g^k \rangle$ for some $k$, and $(k, n) = 1$ by Theorem 9.5.8. Conversely, each such $k$ gives the automorphism $g \mapsto g^k$. Hence,

$$\mathrm{Aut}(G_n) \cong \mathbb{Z}_n^*,$$

the group of units of the ring $\mathbb{Z}_n = \mathbb{Z}/n\mathbb{Z}$.

In particular, $|\mathrm{Aut}(G_n)| = \phi(n)$, Euler's function. If $n = p$ is a prime number, then $\mathrm{Aut}(G_p) \cong \mathbb{Z}_p^*$ is cyclic by Theorem 9.5.16.

In general, $\mathrm{Aut}(G_n)$ is not cyclic. If, for instance, $n = 8$, then $\phi(8) = 4$. The four automorphisms of $G_8$ are given by $f_1(g) = g$, $f_2(g) = g^3$, $f_3(g) = g^5$, and $f_4(g) = g^7$.

We have $f_i^2(g) = g$ for $i = 1, 2, 3, 4$, since $3^2 \equiv 5^2 \equiv 7^2 \equiv 1 \pmod 8$. Hence, $\mathrm{Aut}(G_8) \cong \mathbb{Z}_2 \times \mathbb{Z}_2$. We remark that certainly $\mathrm{Aut}(\mathbb{Z}, +) \cong \mathbb{Z}_2$, because $f(1) = 1$ or $f(1) = -1$ for $f \in \mathrm{Aut}(\mathbb{Z}, +)$.
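Example 10.6.8 computed, as an added example that is not code from the book: $\mathrm{Aut}(G_n)$ is enumerated as the unit group $\mathbb{Z}_n^*$, each unit $k$ is checked directly to be a bijective homomorphism $x \mapsto kx$ of $(\mathbb{Z}_n, +)$, and the orders of the units decide whether the automorphism group is cyclic. The function names are this example's own. Whether $\mathbb{Z}_n^*$ is cyclic matters in practice: Diffie-Hellman over a prime field works in the cyclic group $\mathbb{Z}_p^*$, whereas $\mathbb{Z}_n^*$ for the composite modulus of RSA is not cyclic in general.

```python
from math import gcd

# Added example, not from the text: Aut(G_n) for the cyclic group
# G_n = (Z_n, +), computed as the unit group Z_n^* of Example 10.6.8.

def units_mod(n):
    """Z_n^*: the residues k with gcd(k, n) == 1; k stands for the
    automorphism g -> g^k (x -> k*x in additive notation)."""
    return [k for k in range(1, n) if gcd(k, n) == 1]

def euler_phi(n):
    """phi(n) = |Z_n^*| = |Aut(G_n)|."""
    return len(units_mod(n))

def is_automorphism(k, n):
    """Check directly that x -> k*x (mod n) is a bijective homomorphism of
    (Z_n, +); it is one exactly when gcd(k, n) == 1."""
    bijective = len({(k * x) % n for x in range(n)}) == n
    additive = all((k * ((x + y) % n)) % n == (k * x + k * y) % n
                   for x in range(n) for y in range(n))
    return bijective and additive

def unit_order(k, n):
    """Order of k in Z_n^*, i.e. the order of the automorphism g -> g^k."""
    x, e = k % n, 1
    while x != 1:
        x, e = (x * k) % n, e + 1
    return e

def generators(n):
    """Units of order phi(n); Z_n^* is cyclic iff this list is non-empty."""
    phi = euler_phi(n)
    return [k for k in units_mod(n) if unit_order(k, n) == phi]

def is_cyclic_unit_group(n):
    return bool(generators(n))

def automorphism_table(n):
    """Each automorphism f_k of Z_n as the tuple (f_k(0), ..., f_k(n-1))."""
    return {k: tuple((k * x) % n for x in range(n)) for k in units_mod(n)}

if __name__ == "__main__":
    # n = 8 as in the text: four automorphisms, each of order at most 2.
    print({k: unit_order(k, 8) for k in units_mod(8)})   # {1: 1, 3: 2, 5: 2, 7: 2}
    print(is_cyclic_unit_group(8), is_cyclic_unit_group(7))   # False True
```

For $n = 8$ every unit squares to $1$, which is the statement $f_i^2(g) = g$ above and shows $\mathrm{Aut}(G_8) \cong \mathbb{Z}_2 \times \mathbb{Z}_2$; for $n = 7$ the units $3$ and $5$ have order $6 = \phi(7)$, so $\mathrm{Aut}(G_7)$ is cyclic, as Theorem 9.5.16 predicts for a prime.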
10.7 Exercises

1. Prove that if $G$ is cyclic, then any factor group of $G$ is also cyclic.

2. Prove that for any group $G$, the center $Z(G)$ is a normal subgroup, and $G = Z(G)$ if and only if $G$ is Abelian.

3. Let $U_1$ and $U_2$ be subgroups of a group $G$. Let $x, y \in G$. Show the following:
   (i) If $xU_1 = yU_2$, then $U_1 = U_2$.
   (ii) Give an example showing that $xU_1 = U_2 x$ does not imply $U_1 = U_2$.

4. Let $U, V$ be subgroups of a group $G$. Let $x, y \in G$. If $UxV \cap UyV \neq \emptyset$, then $UxV = UyV$.

5. Let $N$ be a cyclic normal subgroup of the group $G$. Then all subgroups of $N$ are normal subgroups of $G$. Give an example to show that the statement is not correct if $N$ is not cyclic.

6. Let $N_1$ and $N_2$ be normal subgroups of $G$. Show the following:
   (i) If all elements in $N_1$ and $N_2$ have finite order, then so do the elements of $N_1 N_2$.
   (ii) Let $e_1, e_2 \in \mathbb{N}$. If $n_i^{e_i} = 1$ for all $n_i \in N_i$ ($i = 1, 2$), then $x^{e_1 e_2} = 1$ for all $x \in N_1 N_2$.

7. Find groups $N_1, N_2$, and $G$ with $N_1 \trianglelefteq N_2 \trianglelefteq G$, but $N_1$ not a normal subgroup of $G$.

8. Let $G$ be a group generated by $a$ and $b$, and let $b a b^{-1} = a^r$ and $a^n = 1$ for suitable $r \in \mathbb{Z}$, $n \in \mathbb{N}$. Show the following:
   (i) The subgroup $A := \langle a \rangle$ is a normal subgroup of $G$.
   (ii) $G/A = \langle bA \rangle$.
   (iii) $G = \{b^j a^i : i, j \in \mathbb{Z}\}$.

9. Prove that any group of order 24 cannot be simple.

10. Let $G$ be a group with subgroups $G_1, G_2$. Then the following are equivalent:
   (i) $G = G_1 \times G_2$.
   (ii) $G_1 \trianglelefteq G$, $G_2 \trianglelefteq G$, $G = G_1 G_2$, and $G_1 \cap G_2 = \{1\}$.
   (iii) Every $g \in G$ has a unique expression $g = g_1 g_2$, where $g_1 \in G_1$, $g_2 \in G_2$, and $g_1 g_2 = g_2 g_1$ for each $g_1 \in G_1$, $g_2 \in G_2$.

11. Suppose that $G$ is a finite group with normal subgroups $G_1, G_2$ such that $(|G_1|, |G_2|) = 1$. If $|G| = |G_1| |G_2|$, then $G \cong G_1 \times G_2$.

12. Let $G$ be a group with normal subgroups $G_1$ and $G_2$ such that $G = G_1 G_2$. Then

$$G/(G_1 \cap G_2) \cong G_1/(G_1 \cap G_2) \times G_2/(G_1 \cap G_2).$$


11 Symmetric and Alternating Groups

11.1 Symmetric Groups and Cycle Decomposition

Groups most often appear as groups of transformations or permutations on a set. In Galois theory, groups will appear as permutation groups on the zeros of a polynomial. In Section 9.3, we introduced permutation groups and the symmetric group $S_n$. In this chapter, we look more carefully at the structure of $S_n$ and, for each $n$, introduce a very important normal subgroup $A_n$ of $S_n$, called the alternating group on $n$ symbols.

Recall that if $A$ is a set, a permutation on $A$ is a one-to-one mapping of $A$ onto itself. The set $S_A$ of all permutations on $A$ forms a group under composition called the symmetric group on $A$. If $|A| > 2$, then $S_A$ is non-Abelian. Furthermore, if $A, B$ have the same cardinality, then $S_A \cong S_B$.

If $|A| = n$, then $|S_A| = n!$ and, in this case, we denote $S_A$ by $S_n$, called the symmetric group on $n$ symbols. For example, $|S_3| = 6$. In Example 9.3.5, we listed the six elements of $S_3$ in two-row notation (top row the elements $1, 2, 3$ of $A$, bottom row their images):

$$\begin{pmatrix} 1 & 2 & 3 \\ 1 & 2 & 3 \end{pmatrix}, \quad \begin{pmatrix} 1 & 2 & 3 \\ 2 & 3 & 1 \end{pmatrix}, \quad \begin{pmatrix} 1 & 2 & 3 \\ 3 & 1 & 2 \end{pmatrix}, \quad \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix}, \quad \begin{pmatrix} 1 & 2 & 3 \\ 3 & 2 & 1 \end{pmatrix}, \quad \begin{pmatrix} 1 & 2 & 3 \\ 1 & 3 & 2 \end{pmatrix}.$$

In addition, we saw that $S_3$ has a presentation given by

$$S_3 = \langle a, c \,;\, a^3 = c^2 = 1,\ ac = ca^2 \rangle,$$

where $a$ is one of the two elements of order 3 and $c$ one of the three elements of order 2. By this, we mean that $S_3$ is generated by $a, c$, or that $S_3$ has generators $a, c$, and the whole group and its multiplication table can be generated by using the relations $a^3 = c^2 = 1$, $ac = ca^2$.

In general, a permutation group is any subgroup of $S_A$ for a set $A$.

For the remainder of this chapter, we will only consider finite symmetric groups $S_n$ and always take the set $A$ as $A = \{1, 2, 3, \ldots, n\}$.

Definition 11.1.1. Suppose that $f$ is a permutation of $A = \{1, 2, \ldots, n\}$ which has the following effect on the elements of $A$: There exist distinct elements $a_1, \ldots, a_k \in A$ with $f(a_1) = a_2$, $f(a_2) = a_3, \ldots, f(a_{k-1}) = a_k$, $f(a_k) = a_1$, and $f$ leaves all other elements (if there are any) of $A$ fixed; that is, $f(a) = a$ for $a \notin \{a_1, \ldots, a_k\}$. Such a permutation $f$ is called a cycle or a $k$-cycle.

We use the following notation for a $k$-cycle $f$ as given above:

$$f = (a_1, a_2, \ldots, a_k).$$

The cycle notation is read from left to right. It says $f$ takes $a_1$ into $a_2$, $a_2$ into $a_3$, et cetera, and finally $a_k$, the last symbol, into $a_1$, the first symbol. Moreover, $f$ leaves all the other elements not appearing in the representation above fixed.

Note that one can write the same cycle in many ways using this type of notation; for example, $f = (a_2, a_3, \ldots, a_k, a_1)$. In fact, any cyclic rearrangement of the symbols gives the same cycle. The integer $k$ is the length of the cycle. Note we allow a cycle to have length 1, that is, $f = (a_1)$, for instance. This is just the identity map. For this reason, we will usually designate the identity of $S_n$ by $(1)$, or just $1$. (Of course, it also could be written as $(a_i)$, where $a_i \in A$.)

If $f$ and $g$ are two cycles, they are called disjoint cycles if the elements moved by one are left fixed by the other; that is, their representations contain different elements of the set $A$ (their representations are disjoint as sets).


Lemma 11.1.2. If $f$ and $g$ are disjoint cycles, then they must commute; that is, $fg = gf$.

Proof. Since the cycles $f$ and $g$ are disjoint, each element moved by $f$ is fixed by $g$, and vice versa. First, suppose $f(a_i) \neq a_i$. This implies that $g(a_i) = a_i$, and also $f(f(a_i)) \neq f(a_i)$ (since $f$ is injective), so $f(a_i)$ is moved by $f$ and therefore fixed by $g$: $g(f(a_i)) = f(a_i)$. Thus, $(fg)(a_i) = f(g(a_i)) = f(a_i)$, whereas $(gf)(a_i) = g(f(a_i)) = f(a_i)$. Similarly, if $g(a_j) \neq a_j$, then $(fg)(a_j) = (gf)(a_j)$. Finally, if $f(a_k) = a_k$ and $g(a_k) = a_k$, then clearly $(fg)(a_k) = a_k = (gf)(a_k)$. Thus, $gf = fg$.


Before proceeding further with the theory, let us consider a specific example. Let $A = \{1, 2, \ldots, 8\}$, and let

$$f = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\ 2 & 4 & 6 & 5 & 1 & 7 & 3 & 8 \end{pmatrix}.$$

We pick an arbitrary number from the set $A$, say $1$. Then $f(1) = 2$, $f(2) = 4$, $f(4) = 5$, $f(5) = 1$. Now select an element from $A$ not in the set $\{1, 2, 4, 5\}$, say $3$. Then $f(3) = 6$, $f(6) = 7$, $f(7) = 3$.

Next select any element of $A$ that does not occur in the set $\{1, 2, 4, 5\} \cup \{3, 6, 7\}$. The only element left is $8$, and $f(8) = 8$. It is clear that we can now write the permutation $f$ as a product of cycles:

$$f = (1, 2, 4, 5)(3, 6, 7)(8),$$

where the order of the cycles is immaterial since they are disjoint and, therefore, commute. It is customary to omit such cycles as $(8)$ and write $f$ simply as

$$f = (1, 2, 4, 5)(3, 6, 7)$$

with the understanding that the elements of $A$ not appearing are left fixed by $f$.
It is not difficult to generalize what was done here for a specific example, and show that any permutation $f$ can be written uniquely, except for order, as a product of disjoint cycles. Thus, let $f$ be a permutation on the set $A = \{1, 2, \ldots, n\}$, and let $a_1 \in A$. Let $f(a_1) = a_2$, $f(a_2) = f^2(a_1) = a_3$, et cetera, and continue until a repetition is obtained. We claim that this first occurs for $a_1$; that is, the first repetition is, say,

$$f(a_k) = f^k(a_1) = a_{k+1} = a_1 .$$

For suppose the first repetition occurs at the $k$-th iterate of $f$,

$$f(a_k) = f^k(a_1) = a_{k+1},$$

and $a_{k+1} = a_j$, where $1 \le j \le k$. Then

$$f^k(a_1) = f^{j-1}(a_1),$$

and so $f^{k-j+1}(a_1) = a_1$. However, $k - j + 1 < k$ if $j \neq 1$, and we assumed that the first repetition occurred for $k$. Thus, $j = 1$, and so $f$ does cyclically permute the set $\{a_1, a_2, \ldots, a_k\}$. If $k < n$, then there exists $b_1 \in A$ such that $b_1 \notin \{a_1, a_2, \ldots, a_k\}$, and we may proceed similarly with $b_1$. We continue in this manner until all the elements of $A$ are accounted for. It is then seen that $f$ can be written in the form

$$f = (a_1, \ldots, a_k)(b_1, \ldots, b_\ell)(c_1, \ldots, c_m) \cdots (r_1, \ldots, r_t).$$

Note that all powers $f^i(a_1)$ belong to the set

$$\{a_1 = f^0(a_1) = f^k(a_1),\ a_2 = f^1(a_1),\ \ldots,\ a_k = f^{k-1}(a_1)\};$$

all powers $f^i(b_1)$ belong to the set

$$\{b_1 = f^0(b_1) = f^\ell(b_1),\ b_2 = f^1(b_1),\ \ldots,\ b_\ell = f^{\ell-1}(b_1)\};$$

and so on. Here, by definition, $b_1$ is the smallest element in $\{1, 2, \ldots, n\}$ which does not belong to $\{a_1, \ldots, a_k\}$; $c_1$ is the smallest element in $\{1, 2, \ldots, n\}$ which does not belong to

$$\{a_1, \ldots, a_k\} \cup \{b_1, \ldots, b_\ell\},$$

and so on. Therefore, by construction, all the cycles are disjoint.

From this, it follows that $k + \ell + m + \cdots + t = n$. It is clear that this factorization is unique, except for the order of the factors, since it tells explicitly what effect $f$ has on each element of $A$.

In summary, we have proven the following result.

Theorem 11.1.3. Every permutation of $S_n$ can be written uniquely (up to order) as a product of disjoint cycles.


Example 11.1.4. The elements of $S_3$ can be written in cycle notation as $1 = (1)$, $(1, 2)$, $(1, 3)$, $(2, 3)$, $(1, 2, 3)$, $(1, 3, 2)$. This is the largest symmetric group which consists entirely of cycles.

In $S_4$, for example, the element $(1, 2)(3, 4)$ is not a cycle, but a product of cycles. Suppose we multiply two elements of $S_3$, say $(1, 2)$ and $(1, 3)$. In forming the product or composition here, we read from right to left. Thus, to compute $(1, 2)(1, 3)$: We note the permutation $(1, 3)$ takes $1$ into $3$, and then the permutation $(1, 2)$ takes $3$ into $3$. Therefore, the composite $(1, 2)(1, 3)$ takes $1$ into $3$. Continuing, the permutation $(1, 3)$ takes $3$ into $1$, and then the permutation $(1, 2)$ takes $1$ into $2$. Therefore, the composite $(1, 2)(1, 3)$ takes $3$ into $2$. Finally, $(1, 3)$ takes $2$ into $2$, and then $(1, 2)$ takes $2$ into $1$. So $(1, 2)(1, 3)$ takes $2$ into $1$. Thus, we see $(1, 2)(1, 3) = (1, 3, 2)$.

As another example of this cycle multiplication, consider $(1, 2)(2, 4, 5)(1, 3)(1, 2, 5)$ in $S_5$:

Reading from right to left, $1 \mapsto 2 \mapsto 2 \mapsto 4 \mapsto 4$, so $1 \mapsto 4$. Now $4 \mapsto 4 \mapsto 4 \mapsto 5 \mapsto 5$, so $4 \mapsto 5$. Next $5 \mapsto 1 \mapsto 3 \mapsto 3 \mapsto 3$, so $5 \mapsto 3$. Then $3 \mapsto 3 \mapsto 1 \mapsto 1 \mapsto 2$, so $3 \mapsto 2$. Finally, $2 \mapsto 5 \mapsto 5 \mapsto 2 \mapsto 1$, so $2 \mapsto 1$. Since all the elements of $A = \{1, 2, 3, 4, 5\}$ have been accounted for, we have $(1, 2)(2, 4, 5)(1, 3)(1, 2, 5) = (1, 4, 5, 3, 2)$.

Let $f \in S_n$. If $f$ is a cycle of length 2, that is, $f = (a_1, a_2)$, where $a_1, a_2 \in A$, then $f$ is called a transposition. Any cycle can be written as a product of transpositions, namely,

$$(a_1, \ldots, a_k) = (a_1, a_k)(a_1, a_{k-1}) \cdots (a_1, a_2).$$

From Theorem 11.1.3, any permutation can be written in terms of cycles, but from the above, any cycle can be written as a product of transpositions. Thus, we have the following result:

Theorem 11.1.5. Let $f \in S_n$ be any permutation. Then $f$ can be written as a product of transpositions.


11.2 Parity and the Alternating Groups

If $f$ is a permutation with a cycle decomposition

$$f = (a_1, \ldots, a_k)(b_1, \ldots, b_\ell) \cdots (r_1, \ldots, r_t),$$

then $f$ can be written as a product of

$$W(f) = (k - 1) + (\ell - 1) + \cdots + (t - 1)$$

transpositions. The number $W(f)$ is uniquely associated with the permutation $f$, since $f$ is uniquely represented (up to order) as a product of disjoint cycles. However, there is nothing unique about the number of transpositions occurring in an arbitrary representation of $f$ as a product of transpositions. For example, in $S_3$,

$$(1, 3, 2) = (1, 2)(1, 3) = (1, 2)(1, 3)(1, 2)(1, 2),$$

since $(1, 2)(1, 2) = (1)$, the identity permutation of $S_3$.

Although the number of transpositions is not unique in the representation of a permutation $f$ as a product of transpositions, we will show that the parity (evenness or oddness) of that number is unique. Moreover, this depends solely on the number $W(f)$ uniquely associated with the representation of $f$. More explicitly, we have the following result:

Theorem 11.2.1. If $f$ is a permutation written as a product of disjoint cycles, and if $W(f)$ is the associated integer given above, then if $W(f)$ is even (odd), any representation of $f$ as a product of transpositions must contain an even (odd) number of transpositions.


Proof. We first observe the following two identities:

$$(a, b)(b, c_1, \ldots, c_t)(a, b_1, \ldots, b_k) = (a, b_1, \ldots, b_k, b, c_1, \ldots, c_t),$$
$$(a, b)(a, b_1, \ldots, b_k, b, c_1, \ldots, c_t) = (a, b_1, \ldots, b_k)(b, c_1, \ldots, c_t).$$

Suppose now that $f$ is represented as a product of disjoint cycles, where we include all the 1-cycles of elements of $A$ which $f$ fixes, if any. If $a$ and $b$ occur in the same cycle in this representation for $f$,

$$(a, b_1, \ldots, b_k, b, c_1, \ldots, c_t),$$

then, in the computation of $W(f)$, this cycle contributes $k + t + 1$. Now consider $(a, b)f$. Since the cycles are disjoint and disjoint cycles commute,

$$(a, b)f = \cdots (a, b)(a, b_1, \ldots, b_k, b, c_1, \ldots, c_t) \cdots,$$

since neither $a$ nor $b$ can occur in any factor of $f$ other than $(a, b_1, \ldots, b_k, b, c_1, \ldots, c_t)$. So by the second identity $(a, b)$ splits this cycle, and we find that

$$(a, b)f = \cdots (a, b_1, \ldots, b_k)(b, c_1, \ldots, c_t) \cdots .$$

Since $W((a, b_1, \ldots, b_k)(b, c_1, \ldots, c_t)) = k + t$, but $W((a, b_1, \ldots, b_k, b, c_1, \ldots, c_t)) = k + t + 1$, we have $W((a, b)f) = W(f) - 1$.

A similar analysis, using the first identity, shows that in the case where $a$ and $b$ occur in different cycles in the representation of $f$, $W((a, b)f) = W(f) + 1$. Combining both cases, we have

$$W((a, b)f) = W(f) \pm 1.$$

Now let $f$ be written as a product of $m$ transpositions, say

$$f = (a_1, b_1)(a_2, b_2) \cdots (a_m, b_m).$$

Then

$$(a_m, b_m) \cdots (a_2, b_2)(a_1, b_1) f = 1.$$

Iterating the rule above, together with the fact that $W(1) = 0$, shows that

$$W(f) \pm 1 \pm 1 \pm \cdots \pm 1 = 0,$$

where there are $m$ terms of the form $\pm 1$. Thus,

$$W(f) = \pm 1 \pm 1 \cdots \pm 1 \quad (m \text{ terms}).$$

Note, if exactly $p$ of these signs are $+$ and $q = m - p$ are $-$, then $m = p + q$, and $W(f) = p - q$. Hence, $m \equiv W(f) \pmod 2$. Thus, $W(f)$ is even if and only if $m$ is even, and this completes the proof.


It now makes sense to state the following definition, since we know that the parity is indeed unique:

Definition 11.2.2. A permutation $f \in S_n$ is said to be even if it can be written as a product of an even number of transpositions. Similarly, $f$ is called odd if it can be written as a product of an odd number of transpositions.

Definition 11.2.3. For $n \ge 2$, we define the sign function $\mathrm{sgn} : S_n \to (\mathbb{Z}_2, +)$ by setting $\mathrm{sgn}(\pi) = 0$ if $\pi$ is an even permutation and $\mathrm{sgn}(\pi) = 1$ if $\pi$ is an odd permutation.

We note that if $f$ and $g$ are even permutations, then so are $fg$ and $f^{-1}$, and also the identity permutation is even. Furthermore, if $f$ is even and $g$ is odd, it is clear that $fg$ is odd. From this it is straightforward to establish the following:

Lemma 11.2.4. The map $\mathrm{sgn}$ is a homomorphism from $S_n$, for $n \ge 2$, onto $(\mathbb{Z}_2, +)$.

We now let

$$A_n = \{\pi \in S_n : \mathrm{sgn}(\pi) = 0\}.$$

That is, $A_n$ is precisely the set of even permutations in $S_n$.

Theorem 11.2.5. For each $n \in \mathbb{N}$, $n \ge 2$, the set $A_n$ forms a normal subgroup of index 2 in $S_n$, called the alternating group on $n$ symbols. Furthermore, $|A_n| = \frac{n!}{2}$.

Proof. By Lemma 11.2.4, $\mathrm{sgn} : S_n \to (\mathbb{Z}_2, +)$ is a homomorphism. Then $\ker(\mathrm{sgn}) = A_n$; therefore, $A_n$ is a normal subgroup of $S_n$. Since $\mathrm{im}(\mathrm{sgn}) = \mathbb{Z}_2$, we have $|\mathrm{im}(\mathrm{sgn})| = 2$; hence, $|S_n/A_n| = 2$. Therefore, $[S_n : A_n] = 2$. Since $|S_n| = n!$, $|A_n| = \frac{n!}{2}$ follows from Lagrange's theorem.


11.3 The Conjugation in S, 


Recall that in a group $G$, two elements $x, y \in G$ are conjugates if there exists a $g \in G$ with $g^{-1}xg = y$. Conjugacy is an equivalence relation on $G$. In the symmetric groups $S_n$, it is easy to determine if two elements are conjugates. We say that two permutations in $S_n$ have the same cycle structure if they have the same number of cycles and the lengths are the same. Hence, for example, in $S_8$ the permutations
$$\pi_1 = (1,3,6,7)(2,5) \quad \text{and} \quad \pi_2 = (2,3,5,6)(1,8)$$
have the same cycle structure. In particular, if $\pi_1, \pi_2$ are two permutations in $S_n$, then $\pi_1, \pi_2$ are conjugates if and only if they have the same cycle structure. Therefore, in $S_8$, the permutations
$$\pi_1 = (1,3,6,7)(2,5) \quad \text{and} \quad \pi_2 = (2,3,5,6)(1,8)$$
are conjugates.


Lemma 11.3.1. Let
$$\pi = (a_{11}, a_{12}, \ldots, a_{1k_1}) \cdots (a_{s1}, a_{s2}, \ldots, a_{sk_s})$$
be the cycle decomposition of $\pi \in S_n$. Let $\tau \in S_n$, and denote the image of $a_{ij}$ under $\tau$ by $a_{ij}^{\tau}$. Then
$$\tau\pi\tau^{-1} = (a_{11}^{\tau}, a_{12}^{\tau}, \ldots, a_{1k_1}^{\tau}) \cdots (a_{s1}^{\tau}, a_{s2}^{\tau}, \ldots, a_{sk_s}^{\tau}).$$

Proof. Consider $a_{ij}^{\tau}$; then, operating on the left like functions, we have
$$\tau\pi\tau^{-1}(a_{ij}^{\tau}) = \tau\pi(a_{ij}) = \tau(a_{i,j+1}) = a_{i,j+1}^{\tau}.$$
The same computation then follows for all the symbols $a_{ij}$, proving the lemma.


Theorem 11.3.2. Two permutations $\pi_1, \pi_2 \in S_n$ are conjugates if and only if they are of the same cycle structure.

Proof. Suppose that $\pi_2 = \tau\pi_1\tau^{-1}$. Then, from Lemma 11.3.1, we have that $\pi_1$ and $\pi_2$ are of the same cycle structure.
Conversely, suppose that $\pi_1$ and $\pi_2$ are of the same cycle structure. Let
$$\pi_1 = (a_{11}, a_{12}, \ldots, a_{1k_1}) \cdots (a_{s1}, a_{s2}, \ldots, a_{sk_s}),$$
$$\pi_2 = (b_{11}, b_{12}, \ldots, b_{1k_1}) \cdots (b_{s1}, b_{s2}, \ldots, b_{sk_s}),$$
where we place the cycles of the same length under each other. Let $\tau$ be the permutation in $S_n$ that maps each symbol in $\pi_1$ to the digit below it in $\pi_2$. Then, from Lemma 11.3.1, we have $\tau\pi_1\tau^{-1} = \pi_2$; hence, $\pi_1$ and $\pi_2$ are conjugate.
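The following Python script is an added illustration and not part of the text: it computes $\operatorname{sgn}$ from the cycle decomposition, lists $A_n$ and checks $|A_5| = 60$ and the homomorphism property of Lemma 11.2.4 by exhaustion on $S_4$, and carries out the construction of $\tau$ from the proof of Theorem 11.3.2 for the $S_8$ example above. Representing a permutation as a tuple of images, and all function names, are conventions of this example only.

```python
"""Sign, alternating group and conjugacy in S_n (Sections 11.2-11.3), added example.
A permutation p of {1,...,n} is a tuple with p[i-1] = image of i; products are
composed right to left as in the text, so (fg)(x) = f(g(x))."""
from itertools import permutations


def compose(f, g):
    """Return fg: apply g first, then f."""
    return tuple(f[g[i] - 1] for i in range(len(g)))


def inverse(f):
    inv = [0] * len(f)
    for i, image in enumerate(f, start=1):
        inv[image - 1] = i
    return tuple(inv)


def from_cycles(n, *cycs):
    """The permutation of {1,...,n} given by the disjoint cycles cycs."""
    p = list(range(1, n + 1))
    for c in cycs:
        for a, b in zip(c, c[1:] + c[:1]):
            p[a - 1] = b
    return tuple(p)


def cycles(p):
    """Disjoint cycle decomposition of p, fixed points omitted."""
    seen, out = set(), []
    for start in range(1, len(p) + 1):
        if start in seen or p[start - 1] == start:
            continue
        cyc, x = [], start
        while x not in seen:
            seen.add(x)
            cyc.append(x)
            x = p[x - 1]
        out.append(tuple(cyc))
    return out


def sgn(p):
    """sgn: S_n -> (Z_2, +). A k-cycle is a product of k-1 transpositions, so the
    parity of p is the parity of sum(len(c) - 1) over its cycles."""
    return sum(len(c) - 1 for c in cycles(p)) % 2


def symmetric_group(n):
    return [tuple(p) for p in permutations(range(1, n + 1))]


def alternating_group(n):
    """A_n = ker(sgn); Theorem 11.2.5 gives |A_n| = n!/2."""
    return [p for p in symmetric_group(n) if sgn(p) == 0]


def sgn_is_homomorphism(n):
    """Lemma 11.2.4 checked exhaustively on S_n: sgn(fg) = sgn(f) + sgn(g) mod 2."""
    G = symmetric_group(n)
    return all(sgn(compose(f, g)) == (sgn(f) + sgn(g)) % 2 for f in G for g in G)


def cycle_structure(p):
    """Sorted tuple of cycle lengths (fixed points omitted)."""
    return tuple(sorted(len(c) for c in cycles(p)))


def conjugate(tau, pi):
    """tau pi tau^{-1}; by Lemma 11.3.1 this relabels each symbol a of pi as tau(a)."""
    return compose(compose(tau, pi), inverse(tau))


def conjugating_element(pi1, pi2):
    """The tau of Theorem 11.3.2: cycles of equal length are written under each
    other and every symbol of pi1 is sent to the symbol below it in pi2.
    Returns None when the cycle structures differ (no such tau exists)."""
    if cycle_structure(pi1) != cycle_structure(pi2):
        return None
    n, tau = len(pi1), {}
    for c1, c2 in zip(sorted(cycles(pi1), key=len), sorted(cycles(pi2), key=len)):
        tau.update(zip(c1, c2))
    fixed1 = [x for x in range(1, n + 1) if x not in tau]          # fixed by pi1
    fixed2 = [y for y in range(1, n + 1) if y not in tau.values()]  # fixed by pi2
    tau.update(zip(fixed1, fixed2))
    return tuple(tau[i] for i in range(1, n + 1))


def conjugacy_matches_cycle_structure(n):
    """Theorem 11.3.2 checked exhaustively on S_n."""
    G = symmetric_group(n)
    for p in G:
        for q in G:
            tau = conjugating_element(p, q)
            if tau is None:
                if any(conjugate(t, p) == q for t in G):
                    return False
            elif conjugate(tau, p) != q:
                return False
    return True


# The text's example in S_8, constructed from the cycles given on the page.
PI1 = from_cycles(8, (1, 3, 6, 7), (2, 5))
PI2 = from_cycles(8, (2, 3, 5, 6), (1, 8))

if __name__ == "__main__":
    print("|A_5| =", len(alternating_group(5)))
    print("tau =", conjugating_element(PI1, PI2))
```

`conjugating_element` returns $\tau$ as a tuple of images; conjugating `PI1` by it gives `PI2`, and for a pair of different cycle structures it returns `None`, which `conjugacy_matches_cycle_structure` cross-checks against a brute-force search.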


11.4 The Simplicity of $A_n$

A simple group is a group $G$ with no nontrivial proper normal subgroups. Up to this point, the only examples we have of simple groups are cyclic groups of prime order. In this section, we prove that if $n \geq 5$, each alternating group $A_n$ is a simple group.


Theorem 11.4.1. For each $n \geq 3$, each $\pi \in A_n$ is a product of cycles of length 3.

Proof. Let $\pi \in A_n$. Since $\pi$ is a product of an even number of transpositions, to prove the theorem it suffices to show that if $\tau_1, \tau_2$ are transpositions, then $\tau_1\tau_2$ is a product of 3-cycles.

The statement certainly holds for $n = 3$. Now, let $n \geq 4$.

Suppose that $a, b, c, d$ are different digits in $\{1, \ldots, n\}$. There are three cases to consider. First:
$$\text{Case (1):}\quad (a,b)(a,b) = 1 = (1,2,3)^3;$$
hence, it is true here.
Next:
$$\text{Case (2):}\quad (a,b)(b,c) = (c,a,b);$$
hence, it is also true here.
Finally:
$$\text{Case (3):}\quad (a,b)(c,d) = (a,b)(b,c)(b,c)(c,d) = (c,a,b)(c,d,b)$$
since $(b,c)(b,c) = 1$. Therefore, it is also true here, proving the theorem.
Now our main result:

Theorem 11.4.2. For $n \geq 5$, the alternating group $A_n$ is a simple non-Abelian group.

Proof. Suppose that $N$ is a nontrivial normal subgroup of $A_n$ with $n \geq 5$. We show that $N = A_n$; hence, $A_n$ is simple.
We claim first that $N$ must contain a 3-cycle. Let $1 \neq \pi \in N$; then $\pi$ is not a transposition since $\pi \in A_n$. Therefore, $\pi$ moves at least 3 digits. If $\pi$ moves exactly 3 digits, then it is a 3-cycle, and we are done. Suppose then that $\pi$ moves at least 4 digits. Let $\pi = \tau_1 \cdots \tau_r$ with $\tau_i$ disjoint cycles.

Case (1): There is a $\tau_i = (\ldots, a, b, c, d)$. Set $\sigma = (a,b,c) \in A_n$. Then
$$\pi\sigma\pi^{-1} = \tau_i\sigma\tau_i^{-1} = (b,c,d).$$
Indeed, from Lemma 11.3.1, $(b,c,d) = (a^{\pi}, b^{\pi}, c^{\pi})$. Furthermore, since $\pi \in N$ and $N$ is normal, we have
$$\pi(\sigma\pi^{-1}\sigma^{-1}) = (b,c,d)(a,c,b) = (a,d,b) \in N.$$
Therefore, in this case, $N$ contains a 3-cycle.

Case (2): There is a $\tau_i$ which is a 3-cycle. Then
$$\pi = (a,b,c)(d,e,\ldots).$$
Now, set $\sigma = (a,b,d) \in A_n$, and then
$$\pi\sigma\pi^{-1} = (b,c,e) = (a^{\pi}, b^{\pi}, d^{\pi}),$$
and
$$\sigma^{-1}\pi\sigma\pi^{-1} = (a,d,b)(b,c,e) = (b,c,e,d,a) \in N.$$
Now, use Case (1). Therefore, in this case, $N$ has a 3-cycle.

In the final case, $\pi$ is a disjoint product of transpositions.

Case (3): $\pi = (a,b)(c,d)\cdots$. Since $n \geq 5$, there exists an $e \neq a, b, c, d$. We now set $\sigma = (a,c,e) \in A_n$. Then $\pi\sigma\pi^{-1} = (b,d,e_1)$ with $e_1 = e^{\pi} \neq b, d$. Indeed, we have $(a^{\pi}, c^{\pi}, e^{\pi}) = (b,d,e_1)$. Let $\gamma = (\sigma^{-1}\pi\sigma)\pi^{-1}$. This is in $N$ since $N$ is normal. If $e = e_1$, then $\gamma = (e,c,a)(b,d,e) = (a,e,b,d,c)$, and we can use Case (1) to get that $N$ contains a 3-cycle. If $e \neq e_1$, then $\gamma = (e,c,a)(b,d,e_1) \in N$, and then we can use Case (2) to obtain that $N$ contains a 3-cycle.

These three cases show that $N$ must contain a 3-cycle.

If $N$ is normal in $A_n$, then from the argument above, $N$ contains a 3-cycle $\tau$. However, from Theorem 11.3.2, any two 3-cycles in $S_n$ are conjugate. Hence, $\tau$ is conjugate to any other 3-cycle in $S_n$. Since $N$ is normal in $A_n$ and $\tau \in N$, each of these conjugates must also be in $N$. Therefore, $N$ contains all 3-cycles in $S_n$. From Theorem 11.4.1, each element of $A_n$ is a product of 3-cycles. It follows then that each element of $A_n$ is in $N$. However, since $N \subset A_n$, this is only possible if $N = A_n$, completing the proof.


Theorem 11.4.3. Let $n \in \mathbb{N}$ and $U \subset S_n$ a subgroup. Let $\tau = (1,2)$ be a transposition and $\alpha = (1,2,a_3,\ldots,a_n)$ an $n$-cycle with $\alpha, \tau \in U$. Then $U = S_n$.

Proof. Let

Then, from Lemma 11.3.1, we have
$$\pi\alpha\pi^{-1} = (1,2,\ldots,n).$$
Furthermore, $(1,2)^{\pi} = (1,2)$. Hence, $U_1 = \pi U \pi^{-1}$ contains $(1,2)$ and $(1,2,\ldots,n)$.
Now we have
$$(1,2,\ldots,n)(1,2)(1,2,\ldots,n)^{-1} = (2,3) \in U_1.$$
Analogously,
$$(1,2,\ldots,n)(2,3)(1,2,\ldots,n)^{-1} = (3,4) \in U_1,$$
and so on until
$$(1,2,\ldots,n)(n-2,n-1)(1,2,\ldots,n)^{-1} = (n-1,n) \in U_1.$$
Hence, the transpositions $(1,2), (2,3), \ldots, (n-1,n) \in U_1$. Moreover,
$$(1,2)(2,3)(1,2) = (1,3) \in U_1.$$
In an identical fashion, each $(1,k) \in U_1$. Then for any digits $s, t$, we have
$$(1,s)(1,t)(1,s) = (s,t) \in U_1.$$
Therefore, $U_1$ contains all the transpositions of $S_n$; hence, $U_1 = S_n$. Since $U = \pi^{-1}U_1\pi$, we must also have $U = S_n$.


We end this chapter with the following corollary. 


Corollary 11.4.4. Let $p$ be a prime number and $U \subset S_p$ a subgroup. Let $\tau$ be a transposition and $\alpha$ be a $p$-cycle with $\alpha, \tau \in U$. Then $U = S_p$.

Proof. Suppose, without loss of generality, that $\tau = (1,2)$. Since $\alpha, \ldots, \alpha^{p-1}$ are $p$-cycles with no fixed points (recall that $p$ is a prime number), there exists an $i$ with $\alpha^i(1) = 2$. Without loss of generality, we may assume that $\alpha = (1,2,a_3,\ldots,a_p)$. Now the result follows from Theorem 11.4.3.
11.5 Exercises

1. Show that for $n \geq 3$, the group $A_n$ is generated by $\{(1,2,k) : k \geq 3\}$.

2. Let $\sigma \in S_n$ be a permutation with cycle structure $(k_1, \ldots, k_r)$. Show that the order of $\sigma$ is the least common multiple of $k_1, \ldots, k_r$. Compute the order of $\tau = (3234397) \in S_n$.

3. Let $G = S_4$.
(i) Determine a noncyclic subgroup $H$ of order 4 of $G$.
(ii) Show that $H$ is normal.
(iii) Show that $f(g)(h) := ghg^{-1}$ defines an epimorphism $f : G \to \operatorname{Aut}(H)$ for $g \in G$ and $h \in H$. Determine its kernel.

4. Show that all subgroups of order 6 of $S_4$ are conjugate.

5. Let $\sigma_1 = (1,2)(3,4)$ and $\sigma_2 = (1,3)(2,4) \in S_4$. Determine $\tau \in S_4$ such that $\tau\sigma_1\tau^{-1} = \sigma_2$.

6. Let $\sigma = (a_1, \ldots, a_k) \in S_n$. Describe $\sigma^{-1}$.


12 Solvable Groups 


12.1 Solvability and Solvable Groups 


The original motivation for Galois theory grew out of a famous problem in the theory of 
equations. This problem was to determine the solvability or insolvability of a polynomial 
equation of degree 5 or higher in terms of a formula involving the coefficients of the 
polynomial and only using algebraic operations and radicals. This question arose out of 
the well-known quadratic formula. 

The ability to solve quadratic equations and, in essence, the quadratic formula was 
known to the Babylonians some 3600 years ago. With the discovery of imaginary num- 
bers, the quadratic formula then says that any second degree polynomial over C can 
be solved by radicals in terms of the coefficients. In the sixteenth century, the Italian 
mathematician, Niccolo Tartaglia, discovered a similar formula in terms of radicals to 
solve cubic equations. This cubic formula is now known erroneously as Cardano’s for- 
mula in honor of Cardano, who first published it in 1545. An earlier special version of 
this formula was discovered by Scipione del Ferro. Cardano’s student, Ferrari, extended 
the formula to solutions by radicals for fourth degree polynomials. The combination of 
these formulas says that polynomial equations of degree four or less over the complex 
numbers can be solved by radicals. 

From Cardano’s work until the very early nineteenth century, attempts were made 
to find similar formulas for degree five polynomials. In 1805, Ruffini proved that fifth de- 
gree polynomial equations are insolvable by radicals in general. Therefore, there exists 
no comparable formula for degree 5. Abel (in 1825-1826) and Galois (in 1831) extended 
Ruffini’s result and proved the insolubility by radicals for all degrees five or greater. In 
doing this, Galois developed a general theory of field extensions and its relationship to 
group theory. This has come to be known as Galois theory and is really the main focus 
of this book. 

The solution of the insolvability of the quintic and higher polynomials involved a 
translation of the problem into a group theory setting. For a polynomial equation to 
be solvable by radicals, its corresponding Galois group (a concept we will introduce in 
Chapter 16) must be a solvable group. This is a group with a certain defined structure. In 
this chapter, we introduce and discuss this class of groups. 

A normal series for a group $G$ is a finite chain of subgroups beginning with $G$ and ending with the identity subgroup $\{1\}$,
$$G = G_0 \supset G_1 \supset G_2 \supset \cdots \supset G_{n-1} \supset G_n = \{1\},$$
in which each $G_{i+1}$ is a proper normal subgroup of $G_i$. The factor groups $G_i/G_{i+1}$ are called the factors of the series, and $n$ is the length of the series.
Definition 12.1.1. A group $G$ is solvable if it has a normal series with Abelian factors; that is, $G_i/G_{i+1}$ is Abelian for all $i = 0, 1, \ldots, n-1$. Such a normal series is called a solvable series.


If $G$ is an Abelian group, then $G = G_0 \supset \{1\}$ provides a solvable series. Hence, any Abelian group is solvable. Furthermore, the symmetric group $S_3$ on 3 symbols is also solvable, although non-Abelian. Consider the series
$$S_3 \supset A_3 \supset \{1\}.$$
Since $|S_3| = 6$, we have $|A_3| = 3$; hence, $A_3$ is cyclic and therefore Abelian. Furthermore, $|S_3/A_3| = 2$; hence, the factor group $S_3/A_3$ is also cyclic, thus Abelian. Therefore, the series above gives a solvable series for $S_3$.


Lemma 12.1.2. If $G$ is a finite solvable group, then $G$ has a normal series with cyclic factors.

Proof. If $G$ is a finite solvable group, then by definition, it has a normal series with Abelian factors. Hence, to prove the lemma, it suffices to show that a finite Abelian group has a normal series with cyclic factors. Let $A$ be a nontrivial finite Abelian group. We do an induction on the order of $A$. If $|A| = 2$, then $A$ itself is cyclic, and the result follows. Suppose that $|A| > 2$. Choose an $1 \neq a \in A$. Let $N = \langle a \rangle$ so that $N$ is cyclic. Then we have the normal series $A \supset N \supset \{1\}$ with $A/N$ Abelian. Moreover, $A/N$ has order less than $A$, so $A/N$ has a normal series with cyclic factors, and the result follows.


Solvability is preserved under subgroups and factor groups. 


Theorem 12.1.3. Let G be a solvable group. Then the following hold: 
(1) Any subgroup H of G is also solvable. 
(2) Any factor group G/N of G is also solvable. 


Proof. (1) Let $G$ be a solvable group, and suppose that
$$G = G_0 \supset G_1 \supset \cdots \supset G_n = \{1\}$$
is a solvable series for $G$. Hence, $G_{i+1}$ is a normal subgroup of $G_i$ for each $i$, and the factor group $G_i/G_{i+1}$ is Abelian.
Now let $H$ be a subgroup of $G$, and consider the chain of subgroups
$$H = H \cap G_0 \supset H \cap G_1 \supset \cdots \supset H \cap G_n = \{1\}.$$
Since $G_{i+1}$ is normal in $G_i$, we know that $H \cap G_{i+1}$ is normal in $H \cap G_i$; this gives a finite normal series for $H$. Furthermore, from the second isomorphism theorem, we have
$$(H \cap G_i)/(H \cap G_{i+1}) = (H \cap G_i)/((H \cap G_i) \cap G_{i+1}) \cong (H \cap G_i)G_{i+1}/G_{i+1} \subset G_i/G_{i+1}$$
for each $i$. However, $G_i/G_{i+1}$ is Abelian, so each factor in the normal series for $H$ is Abelian. Therefore, the above series is a solvable series for $H$; hence, $H$ is also solvable.
(2) Let $N$ be a normal subgroup of $G$. Then from (1), $N$ is also solvable. As above, let
$$G = G_0 \supset G_1 \supset \cdots \supset G_n = \{1\}$$
be a solvable series for $G$. Consider the chain of subgroups
$$G/N = G_0N/N \supset G_1N/N \supset \cdots \supset G_nN/N = N/N = \{1\}.$$
Let $m \in G_{i-1}$, $n \in N$. Then since $N$ is normal in $G$,
$$(mn)^{-1}G_iN(mn) = n^{-1}m^{-1}G_imnN = n^{-1}G_inN = n^{-1}NG_i = NG_i = G_iN.$$
It follows that $G_{i+1}N$ is normal in $G_iN$ for each $i$; therefore, the series for $G/N$ is a normal series.
Again, from the isomorphism theorems,
$$(G_iN/N)/(G_{i+1}N/N) \cong G_i/(G_i \cap G_{i+1}N) \cong (G_i/G_{i+1})/((G_i \cap G_{i+1}N)/G_{i+1}).$$
However, the last group $(G_i/G_{i+1})/((G_i \cap G_{i+1}N)/G_{i+1})$ is a factor group of the group $G_i/G_{i+1}$, which is Abelian. Hence, this last group is also Abelian; therefore, each factor in the normal series for $G/N$ is Abelian. Hence, this series is a solvable series, and $G/N$ is solvable.


The following is a type of converse of the above theorem:

Theorem 12.1.4. Let $G$ be a group and $N$ a normal subgroup of $G$. If both $N$ and $G/N$ are solvable, then $G$ is solvable.

Proof. Suppose that
$$N = N_0 \supset N_1 \supset \cdots \supset N_r = \{1\},$$
$$G/N = G_0/N \supset G_1/N \supset \cdots \supset G_n/N = N/N = \{1\}$$
are solvable series for $N$ and $G/N$, respectively. Then
$$G = G_0 \supset G_1 \supset \cdots \supset G_n = N \supset N_1 \supset \cdots \supset N_r = \{1\}$$
gives a normal series for $G$. Furthermore, from the isomorphism theorems again,
$$G_i/G_{i+1} \cong (G_i/N)/(G_{i+1}/N);$$
hence, each factor is Abelian. Therefore, this is a solvable series for $G$; hence, $G$ is solvable.
This theorem allows us to prove that solvability is preserved under direct products. 


Corollary 12.1.5. Let $G$ and $H$ be solvable groups. Then their direct product $G \times H$ is also solvable.

Proof. Suppose that $G$ and $H$ are solvable groups and $K = G \times H$. Recall from Chapter 10 that $G$ can be considered as a normal subgroup of $K$ with $K/G \cong H$. Therefore, $G$ is a solvable subgroup of $K$, and $K/G$ is a solvable quotient. It follows then, from Theorem 12.1.4, that $K$ is solvable.


We saw that the symmetric group $S_3$ is solvable. However, the following theorem shows that the symmetric group $S_n$ is not solvable for $n \geq 5$. This result will be crucial to the proof of the insolvability of the quintic and higher polynomials.

Theorem 12.1.6. For $n \geq 5$, the symmetric group $S_n$ is not solvable.

Proof. For $n \geq 5$, we saw that the alternating group $A_n$ is simple. Furthermore, $A_n$ is non-Abelian. Hence, $A_n$ cannot have a nontrivial normal series, and so no solvable series. Therefore, $A_n$ is not solvable. If $S_n$ were solvable for $n \geq 5$, then from Theorem 12.1.3, $A_n$ would also be solvable. Therefore, $S_n$ must also be nonsolvable for $n \geq 5$.


In general, for a simple, solvable group we have the following:

Lemma 12.1.7. If a group $G$ is both simple and solvable, then $G$ is cyclic of prime order.

Proof. Suppose that $G$ is a nontrivial simple, solvable group. Since $G$ is simple, the only normal series for $G$ is $G = G_0 \supset \{1\}$. Since $G$ is solvable, the factors are Abelian; hence, $G$ is Abelian. Again, since $G$ is simple, $G$ must be cyclic. If $G$ were infinite, then $G \cong (\mathbb{Z}, +)$. However, then $2\mathbb{Z}$ is a proper normal subgroup, a contradiction. Therefore, $G$ must be finite cyclic. If the order were not prime, then for each proper divisor of the order, there would be a nontrivial proper normal subgroup. Therefore, $G$ must be of prime order.


In general, a finite $p$-group is solvable.

Theorem 12.1.8. A finite $p$-group $G$ is solvable.

Proof. Suppose that $|G| = p^n$. We do this by induction on $n$. If $n = 1$, then $|G| = p$, and $G$ is cyclic, hence Abelian and therefore solvable. Suppose that $n > 1$. Then, as used previously, $G$ has a nontrivial center $Z(G)$. If $Z(G) = G$, then $G$ is Abelian; hence solvable. If $Z(G) \neq G$, then $Z(G)$ is a finite $p$-group of order less than $p^n$. From our inductive hypothesis, $Z(G)$ must be solvable. Furthermore, $G/Z(G)$ is then also a finite $p$-group of order less than $p^n$, so it is also solvable. Hence, $Z(G)$ and $G/Z(G)$ are both solvable. Therefore, from Theorem 12.1.4, $G$ is solvable.
12.2 The Derived Series

Let $G$ be a group, and let $a, b \in G$. The product $aba^{-1}b^{-1}$ is called the commutator of $a$ and $b$. We write $[a,b] = aba^{-1}b^{-1}$.
Clearly, $[a,b] = 1$ if and only if $a$ and $b$ commute.


Definition 12.2.1. Let $G'$ be the subgroup of $G$ which is generated by the set of all commutators,
$$G' = \operatorname{gp}(\{[x,y] : x, y \in G\}).$$
$G'$ is called the commutator (or derived) subgroup of $G$. We sometimes write $G' = [G, G]$.


Theorem 12.2.2. For any group $G$, the commutator subgroup $G'$ is a normal subgroup of $G$, and $G/G'$ is Abelian. Furthermore, if $H$ is a normal subgroup of $G$, then $G/H$ is Abelian if and only if $G' \subset H$.

Proof. The commutator subgroup $G'$ consists of all finite products of commutators and inverses of commutators. However,
$$[a,b]^{-1} = (aba^{-1}b^{-1})^{-1} = bab^{-1}a^{-1} = [b,a],$$
and so the inverse of a commutator is once again a commutator. It then follows that $G'$ is precisely the set of all finite products of commutators; that is, $G'$ is the set of all elements of the form
$$h_1h_2\cdots h_n,$$
where each $h_i$ is a commutator of elements of $G$.

If $h = [a,b]$ for $a, b \in G$, then for $x \in G$, $xhx^{-1} = [xax^{-1}, xbx^{-1}]$ is again a commutator of elements of $G$. Now from our previous comments, an arbitrary element of $G'$ has the form $h_1h_2\cdots h_n$, where each $h_i$ is a commutator.

Thus, $x(h_1h_2\cdots h_n)x^{-1} = (xh_1x^{-1})(xh_2x^{-1})\cdots(xh_nx^{-1})$ and, since by the above each $xh_ix^{-1}$ is a commutator, $x(h_1h_2\cdots h_n)x^{-1} \in G'$. It follows that $G'$ is a normal subgroup of $G$.

Consider the factor group $G/G'$. Let $aG'$ and $bG'$ be any two elements of $G/G'$. Then
$$[aG', bG'] = aG' \cdot bG' \cdot (aG')^{-1} \cdot (bG')^{-1} = aG' \cdot bG' \cdot a^{-1}G' \cdot b^{-1}G' = aba^{-1}b^{-1}G' = G'$$
since $[a,b] \in G'$. In other words, any two elements of $G/G'$ commute; therefore, $G/G'$ is Abelian.

Now let $N$ be a normal subgroup of $G$ with $G/N$ Abelian. Let $a, b \in G$; then $aN$ and $bN$ commute since $G/N$ is Abelian. Therefore,
$$[aN, bN] = aNbNa^{-1}Nb^{-1}N = aba^{-1}b^{-1}N = N.$$
It follows that $[a,b] \in N$. Therefore, all commutators of elements in $G$ lie in $N$; thus, $G' \subset N$.


From the second part of Theorem 12.2.2, we see that $G'$ is the minimal normal subgroup of $G$ such that $G/G'$ is Abelian. We call $G/G' = G_{ab}$ the Abelianization of $G$.

We consider next the following inductively defined sequence of subgroups of an arbitrary group $G$, called the derived series:


Definition 12.2.3. For an arbitrary group $G$, define $G^{(0)} = G$ and $G^{(1)} = G'$, and then, inductively, $G^{(n+1)} = (G^{(n)})'$. That is, $G^{(n+1)}$ is the commutator subgroup or derived group of $G^{(n)}$. The chain of subgroups
$$G = G^{(0)} \supset G^{(1)} \supset G^{(2)} \supset \cdots \supset G^{(n)} \supset \cdots$$
is called the derived series for $G$.


Notice that since $G^{(n+1)}$ is the commutator subgroup of $G^{(n)}$, we have that $G^{(n)}/G^{(n+1)}$ is Abelian. If the derived series were finite, then $G$ would have a normal series with Abelian factors; hence, it would be solvable. The converse is also true and characterizes solvable groups in terms of the derived series.


Theorem 12.2.4. A group $G$ is solvable if and only if its derived series is finite. That is, there exists an $n$ such that $G^{(n)} = \{1\}$.

Proof. If $G^{(n)} = \{1\}$ for some $n$, then as explained above, the derived series provides a solvable series for $G$; hence, $G$ is solvable. Conversely, suppose that $G$ is solvable, and let
$$G = G_0 \supset G_1 \supset \cdots \supset G_n = \{1\}$$
be a solvable series for $G$. We claim first that $G_i \supset G^{(i)}$ for all $i$. We do this by induction on $i$. If $i = 0$, then $G_0 = G = G^{(0)}$. Suppose that $G_i \supset G^{(i)}$. Then $G_i' \supset (G^{(i)})' = G^{(i+1)}$. Since $G_i/G_{i+1}$ is Abelian, it follows, from Theorem 12.2.2, that $G_{i+1} \supset G_i'$. Therefore, $G_{i+1} \supset G^{(i+1)}$, establishing the claim. Now if $G$ is solvable, from the claim, we have that $G_n \supset G^{(n)}$. However, $G_n = \{1\}$; therefore, $G^{(n)} = \{1\}$, proving the theorem.


The length of the derived series is called the solvability length of a solvable group G. 
The class of solvable groups of class c consists of those solvable groups of solvability 
length c, or less. 
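As an added illustration, not from the text, of Theorem 11.4.3, Corollary 11.4.4 and the derived series of this section, the Python script below generates subgroups of $S_n$ by closure under products, computes $G'$ as $\operatorname{gp}$ of all commutators $[x,y]$, and follows the derived series of $S_3$, $S_4$ and $S_5$ until it becomes stationary, so that Theorem 12.2.4 reads off solvability ($S_5$ stops at $A_5$ of order 60, in line with Theorem 12.1.6). The tuple representation of permutations and all function names are the example's own; the generator pairs are constructed to match the hypotheses of Theorem 11.4.3 and Corollary 11.4.4, plus one pair in $S_4$ that does not satisfy them.

```python
"""Generating S_n and the derived series (Theorem 11.4.3, Section 12.2), added example.
Permutations of {1,...,n} are tuples p with p[i-1] the image of i; products are
composed right to left, (fg)(x) = f(g(x))."""
from itertools import permutations


def compose(f, g):
    return tuple(f[g[i] - 1] for i in range(len(g)))


def inverse(f):
    inv = [0] * len(f)
    for i, image in enumerate(f, start=1):
        inv[image - 1] = i
    return tuple(inv)


def from_cycles(n, *cycs):
    """The permutation of {1,...,n} given by disjoint cycles (a_1,...,a_k)."""
    p = list(range(1, n + 1))
    for c in cycs:
        for a, b in zip(c, c[1:] + c[:1]):
            p[a - 1] = b
    return tuple(p)


def symmetric_group(n):
    return {tuple(p) for p in permutations(range(1, n + 1))}


def generated_subgroup(gens):
    """gp(gens): closure of a finite set of permutations under products. In a
    finite group every inverse is a power, so closing under products suffices."""
    gens = list(gens)
    identity = tuple(range(1, len(gens[0]) + 1))
    group, frontier = {identity}, [identity]
    while frontier:
        x = frontier.pop()
        for g in gens:
            y = compose(x, g)
            if y not in group:
                group.add(y)
                frontier.append(y)
    return group


def commutator(a, b):
    """[a, b] = a b a^{-1} b^{-1} (Section 12.2)."""
    return compose(compose(a, b), compose(inverse(a), inverse(b)))


def derived_subgroup(group):
    """G' = gp({[x, y] : x, y in G}), Definition 12.2.1."""
    return generated_subgroup({commutator(x, y) for x in group for y in group})


def derived_series(group):
    """Orders |G^(0)|, |G^(1)|, ... of the derived series, stopping once it becomes
    stationary. By Theorem 12.2.4, G is solvable iff the last order is 1."""
    orders = [len(group)]
    while True:
        nxt = derived_subgroup(group)
        if len(nxt) == len(group):
            return orders
        orders.append(len(nxt))
        group = nxt


def is_solvable(group):
    return derived_series(group)[-1] == 1


def generated_order(n, *cycs):
    """|gp(cycles)| inside S_n: the hypotheses of Theorem 11.4.3 and Corollary 11.4.4
    give n!, while (1,3) and (1,2,3,4) in S_4 only give the dihedral group of order 8."""
    return len(generated_subgroup([from_cycles(n, c) for c in cycs]))


if __name__ == "__main__":
    print("gp((1,2),(1,2,3,4,5)) has order", generated_order(5, (1, 2), (1, 2, 3, 4, 5)))
    for n in (3, 4, 5):
        print("derived series of S_%d:" % n, derived_series(symmetric_group(n)))
```

The orders returned by `derived_series` are the orders of $G^{(0)}, G^{(1)}, \ldots$: for $S_4$ they are 24, 12, 4, 1 (the series $S_4 \supset A_4 \supset V \supset \{1\}$), and for $S_5$ the series stays at 60 after one step, which is the derived-series form of the statement that $S_5$ is not solvable.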


12.3 Composition Series and the Jordan–Hölder Theorem


The concept of a normal series is extremely important in the structure theory of groups. 
This is especially true for finite groups. If 
$$G = G_0 \supset G_1 \supset \cdots \supset G_n = \{1\} \quad \text{and} \quad G = H_0 \supset H_1 \supset \cdots \supset H_m = \{1\}$$
are two normal series for the group $G$, then the second is a refinement of the first if all the terms of the second occur in the first series. Furthermore, two normal series are called equivalent (or isomorphic) if there exists a 1-1 correspondence between the factors (hence the length must be the same) of the two series such that the corresponding factors are isomorphic.


Theorem 12.3.1 (Schreier's theorem). Any two normal series for a group $G$ have equivalent refinements.

Proof. Consider two normal series for $G$:
$$G = G_0 \supset G_1 \supset \cdots \supset G_{r-1} \supset G_r = \{1\},$$
$$G = H_0 \supset H_1 \supset \cdots \supset H_{s-1} \supset H_s = \{1\}.$$
Now define
$$G_{ij} = (G_i \cap H_j)G_{i+1}, \quad j = 0, 1, 2, \ldots, s,$$
$$H_{ji} = (G_i \cap H_j)H_{j+1}, \quad i = 0, 1, 2, \ldots, r.$$
Then we have
$$G = G_{00} \supset G_{01} \supset \cdots \supset G_{0s} = G_1 = G_{10} \supset \cdots \supset G_{1s} = G_2 \supset \cdots \supset G_{(r-1)s} = \{e\},$$
and
$$G = H_{00} \supset H_{01} \supset \cdots \supset H_{0r} = H_1 = H_{10} \supset \cdots \supset H_{1r} = H_2 \supset \cdots \supset H_{(s-1)r} = \{e\}.$$
Now, applying the third isomorphism theorem to the groups $G_i, H_j, G_{i+1}, H_{j+1}$, we have that $G_{i(j+1)} = (G_i \cap H_{j+1})G_{i+1}$ is a normal subgroup of $G_{ij} = (G_i \cap H_j)G_{i+1}$, and also that $H_{j(i+1)} = (G_{i+1} \cap H_j)H_{j+1}$ is a normal subgroup of $H_{ji} = (G_i \cap H_j)H_{j+1}$. Furthermore,
$$G_{ij}/G_{i(j+1)} \cong H_{ji}/H_{j(i+1)}.$$
Thus, the above two are normal series, which are refinements of the two given series, and they are equivalent.


A proper normal subgroup $N$ of a group $G$ is called maximal in $G$ if there does not exist any normal subgroup $M$ with $N \subset M \subset G$ and all inclusions proper. This is the group theoretic analog of a maximal ideal. An alternative characterization is the following: $N$ is a maximal normal subgroup of $G$ if and only if $G/N$ is simple.
A normal series where each factor is simple can have no refinements.

Definition 12.3.2. A composition series for a group $G$ is a normal series where all the inclusions are proper and such that $G_{i+1}$ is maximal in $G_i$; equivalently, a normal series where each factor is simple.


It is possible that an arbitrary group does not have a composition series, or even if 
it does have one, a subgroup of it may not have one. Of course, a finite group does have 
a composition series. 

In the case in which a group $G$ does have a composition series, the following important theorem, called the Jordan–Hölder theorem, provides a type of unique factorization.

Theorem 12.3.3 (Jordan–Hölder theorem). If a group $G$ has a composition series, then any two composition series are equivalent; that is, the composition factors are unique.


Proof. Suppose we are given two composition series. Applying Theorem 12.3.1, we get 
that the two composition series have equivalent refinements. But the only refinement 
of a composition series is one obtained by introducing repetitions. If in the 1-1 corre- 
spondence between the factors of these refinements, the paired factors equal to {e} are 
disregarded; that is, if we drop the repetitions, clearly, we get that the original composi- 
tion series are equivalent. 


We remarked in Chapter 10 that the simple groups are important because they play a role in finite group theory somewhat analogous to that of the primes in number theory. In particular, an arbitrary finite group $G$ can be broken down into simple components. These uniquely determined simple components are, according to the Jordan–Hölder theorem, the factors of a composition series for $G$.


12.4 Exercises 


1. Let $K$ be a field and

: $a, b, c, x, y, z \in K$, $abc \neq 0$

Show that $G$ is solvable.

2. A group $G$ is called polycyclic if it has a normal series with cyclic factors. Show:
(i) Each subgroup and each factor group of a polycyclic group is polycyclic.
(ii) In a polycyclic group, each normal series has the same number of infinite cyclic factors.

3. Let $G$ be a group. Show the following:
(i) If $G$ is finite and solvable, then $G$ is polycyclic.
(ii) If $G$ is polycyclic, then $G$ is finitely generated.
(iii) The group $(\mathbb{Q}, +)$ is solvable, but not polycyclic.

4. Let $N_1$ and $N_2$ be normal subgroups of $G$. Show the following:
(i) If $N_1$ and $N_2$ are solvable, then also $N_1N_2$ is a solvable normal subgroup of $G$.
(ii) Is (i) still true if we replace "solvable" by "Abelian"?

5. Let $N_1, \ldots, N_k$ be normal subgroups of a group $G$. If all factor groups $G/N_i$ are solvable, then also $G/(N_1 \cap \cdots \cap N_k)$ is solvable.


13 Group Actions and the Sylow Theorems 


13.1 Group Actions 


A group action of a group $G$ on a set $A$ is a homomorphism from $G$ into $S_A$, the symmetric group on $A$. We say that $G$ acts on $A$. Hence, $G$ acts on $A$ if to each $g \in G$ corresponds a permutation
$$\pi_g : A \to A$$
such that
(1) $\pi_{g_1}(\pi_{g_2}(a)) = \pi_{g_1g_2}(a)$ for all $g_1, g_2 \in G$ and for all $a \in A$,
(2) $\pi_1(a) = a$ for all $a \in A$.


For the remainder of this chapter, if $g \in G$ and $a \in A$, we will write $ga$ for $\pi_g(a)$. Group actions are an extremely important idea, and we use this idea in the present chapter to prove several fundamental results in group theory. If $G$ acts on the set $A$, then we say that two elements $a_1, a_2 \in A$ are congruent under $G$ if there exists a $g \in G$ with $ga_1 = a_2$. The set
$$G_a = \{a_1 \in A : a_1 = ga \text{ for some } g \in G\}$$
is called the orbit of $a$. It consists of the elements congruent to $a$ under $G$.
Lemma 13.1.1. If $G$ acts on $A$, then congruence under $G$ is an equivalence relation on $A$.

Proof. Any element $a \in A$ is congruent to itself via the identity map; hence, the relation is reflexive. If $a_1 \sim a_2$ so that $ga_1 = a_2$ for some $g \in G$, then $g^{-1}a_2 = a_1$, and so $a_2 \sim a_1$, and the relation is symmetric. Finally, if $g_1a_1 = a_2$ and $g_2a_2 = a_3$, then $g_2g_1a_1 = a_3$, and the relation is transitive.


Recall that the equivalence classes under an equivalence relation partition a set. For a given $a \in A$, its equivalence class under this relation is precisely its orbit $G_a$, as defined above.

Corollary 13.1.2. If $G$ acts on the set $A$, then the orbits under $G$ partition the set $A$.

We say that $G$ acts transitively on $A$ if any two elements of $A$ are congruent under $G$. That is, the action is transitive if for any $a_1, a_2 \in A$ there is some $g \in G$ such that $ga_1 = a_2$. If $a \in A$, the stabilizer of $a$ consists of those $g \in G$ that fix $a$. Hence,
$$\operatorname{Stab}_G(a) = \{g \in G : ga = a\}.$$
The following lemma is easily proved and left to the exercises.

Lemma 13.1.3. If $G$ acts on $A$, then for any $a \in A$, the stabilizer $\operatorname{Stab}_G(a)$ is a subgroup of $G$.


https://doi.org/10.1515/9783111142524-013


We now prove the crucial theorem concerning group actions. 


Theorem 13.1.4. Suppose that $G$ acts on $A$ and $a \in A$. Let $G_a$ be the orbit of $a$ under $G$ and $\operatorname{Stab}_G(a)$ its stabilizer. Then
$$|G : \operatorname{Stab}_G(a)| = |G_a|.$$
That is, the size of the orbit of $a$ is the index of its stabilizer in $G$.

Proof. Suppose that $g_1, g_2 \in G$ with $g_1\operatorname{Stab}_G(a) = g_2\operatorname{Stab}_G(a)$; that is, they define the same left coset of the stabilizer. Then $g_2^{-1}g_1 \in \operatorname{Stab}_G(a)$. This implies that $g_2^{-1}g_1a = a$ so that $g_1a = g_2a$. Hence, any two elements in the same left coset of the stabilizer produce the same image of $a$ in $G_a$. Conversely, if $g_1a = g_2a$, then $g_1, g_2$ define the same left coset of $\operatorname{Stab}_G(a)$. This shows that there is a one-to-one correspondence between left cosets of $\operatorname{Stab}_G(a)$ and elements of $G_a$. It follows that the size of $G_a$ is precisely the index of the stabilizer.


We will use this theorem repeatedly with different group actions to obtain impor- 
tant group theoretic results. 


13.2 Conjugacy Classes and the Class Equation 


In Section 10.5, we introduced the center of a group
$$Z(G) = \{g \in G : gg_1 = g_1g \text{ for all } g_1 \in G\},$$
and showed that it is a normal subgroup of $G$. We use this normal subgroup in conjunction with what we call the class equation to show that any finite $p$-group has a nontrivial center. In this section, we use group actions to derive the class equation and prove the result for finite $p$-groups.

Recall that if $G$ is a group, then two elements $g_1, g_2 \in G$ are conjugate if there exists a $g \in G$ with $g^{-1}g_1g = g_2$. We saw that conjugacy is an equivalence relation on $G$. The equivalence class of $g \in G$ is called its conjugacy class, which we will denote by $\operatorname{Cl}(g)$. Thus,
$$\operatorname{Cl}(g) = \{g_1 \in G : g_1 \text{ is conjugate to } g\}.$$
If $g \in G$, then its centralizer $C_G(g)$ is the set of elements in $G$ that commute with $g$:
$$C_G(g) = \{g_1 \in G : gg_1 = g_1g\}.$$

Theorem 13.2.1. Let $G$ be a finite group and $g \in G$. Then the centralizer of $g$ is a subgroup of $G$, and
$$|G : C_G(g)| = |\operatorname{Cl}(g)|.$$
That is, the index of the centralizer of $g$ is the size of its conjugacy class. In particular, for a finite group the size of each conjugacy class divides the order of the group.

Proof. Let the group $G$ act on itself by conjugation. That is, $g(g_1) = g^{-1}g_1g$. It is easy to show that this is an action on the set $G$ (see exercises). The orbit of $g \in G$ under this action is precisely its conjugacy class $\operatorname{Cl}(g)$, and the stabilizer is its centralizer $C_G(g)$. The statements in the theorem then follow directly from Theorem 13.1.4.


For any group $G$, since conjugacy is an equivalence relation, the conjugacy classes partition $G$. Hence,
$$G = \bigcup_{g \in G} \operatorname{Cl}(g),$$
where this union is taken over the distinct conjugacy classes. It follows that
$$|G| = \sum_{g \in G} |\operatorname{Cl}(g)|,$$
where this sum is taken over distinct conjugacy classes.

If $\operatorname{Cl}(g) = \{g\}$, that is, the conjugacy class of $g$ is $g$ alone, then $C_G(g) = G$ so that $g$ commutes with all of $G$. Therefore, in this case, $g \in Z(G)$. This is true for every element of the center; therefore,
$$G = Z(G) \cup \bigcup_{g \notin Z(G)} \operatorname{Cl}(g),$$
where again the second union is taken over the distinct conjugacy classes $\operatorname{Cl}(g)$ with $g \notin Z(G)$. The size of $G$ is then the sum of these disjoint pieces, so
$$|G| = |Z(G)| + \sum_{g \notin Z(G)} |\operatorname{Cl}(g)|,$$
where the sum is taken over the distinct conjugacy classes $\operatorname{Cl}(g)$ with $g \notin Z(G)$. However, from Theorem 13.2.1, $|\operatorname{Cl}(g)| = |G : C_G(g)|$, so the equation above becomes
$$|G| = |Z(G)| + \sum_{g \notin Z(G)} |G : C_G(g)|,$$
where the sum is taken over the distinct indices $|G : C_G(g)|$ with $g \notin Z(G)$. This is known as the class equation.

Theorem 13.2.2 (Class equation). Let $G$ be a finite group. Then
$$|G| = |Z(G)| + \sum_{g \notin Z(G)} |G : C_G(g)|,$$
where the sum is taken over the distinct centralizers.


As a first application, we prove the result that finite p-groups have nontrivial centers 
(see Lemma 10.5.6). 


Theorem 13.2.3. Let $G$ be a finite $p$-group. Then $G$ has a nontrivial center.

Proof. Let $G$ be a finite $p$-group so that $|G| = p^n$ for some $n$, and consider the class equation
$$|G| = |Z(G)| + \sum_{g \notin Z(G)} |G : C_G(g)|,$$
where the sum is taken over the distinct centralizers. Since $|G : C_G(g)|$ divides $|G|$ for each $g \in G$, we must have that $p \mid |G : C_G(g)|$ for each $g \notin Z(G)$. Furthermore, $p \mid |G|$. Therefore, $p$ must divide $|Z(G)|$; hence, $|Z(G)| = p^m$ for some $m \geq 1$. Therefore, $Z(G)$ is nontrivial.


The idea of conjugacy and the centralizer of an element can be extended to subgroups. If $H_1, H_2$ are subgroups of a group $G$, then $H_1, H_2$ are conjugate if there exists a $g \in G$ such that $g^{-1}H_1g = H_2$. As for elements, conjugacy is an equivalence relation on the set of subgroups of $G$.

If $H \subset G$ is a subgroup, then its conjugacy class consists of all the subgroups of $G$ conjugate to it. The normalizer of $H$ is
$$N_G(H) = \{g \in G : g^{-1}Hg = H\}.$$
As for elements, let $G$ act on the set of subgroups of $G$ by conjugation. That is, for $g \in G$, the map is given by $H \mapsto g^{-1}Hg$. For $H \subset G$, the stabilizer under this action is precisely the normalizer. Hence, exactly as for elements, we obtain the following theorem:

Theorem 13.2.4. Let $G$ be a group and $H \subset G$ a subgroup. Then the normalizer $N_G(H)$ of $H$ is a subgroup of $G$, $H$ is normal in $N_G(H)$, and
$$|G : N_G(H)| = \text{number of conjugates of } H \text{ in } G.$$


13.3 The Sylow Theorems 


If G is a finite group and H ⊂ G is a subgroup, then Lagrange's theorem guarantees that the order of H divides the order of G. However, the converse of Lagrange's theorem is false. That is, if G is a finite group of order n and if d | n, then G need not contain a subgroup of order d. If d is a prime p or a power of a prime p^a, however, then we shall see that G must contain subgroups of that order. In particular, we shall see that if p^a is the highest power of p that divides n, then all subgroups of that order are actually conjugate, and we shall finally get a formula concerning the number of such subgroups. These theorems constitute the Sylow theorems, which we will examine in this section. First, we give an example where the converse of Lagrange's theorem is false.


Lemma 13.3.1. The alternating group on 4 symbols A_4 has order 12, but has no subgroup of order 6.


Proof. Suppose that there exists a subgroup U ⊂ A_4 with |U| = 6. Then |A_4 : U| = 2 since |A_4| = 12; hence, U is normal in A_4.

Now id, (1,2)(3,4), (1,3)(2,4), (1,4)(2,3) are in A_4. These each have order 2 and commute, so they form a normal subgroup V ⊂ A_4 of order 4. This subgroup V is isomorphic to Z_2 × Z_2. Then

$$12 = |A_4| \ge |VU| = \frac{|V|\,|U|}{|V \cap U|} = \frac{4 \cdot 6}{|V \cap U|}.$$

It follows that V ∩ U ≠ {1}, and since U is normal, we have that V ∩ U is also normal in A_4. Now (1,2)(3,4) ∈ V, and by renaming the entries in V, if necessary, we may assume that it is also in U, so that (1,2)(3,4) ∈ V ∩ U. Since (1,2,3) ∈ A_4, we have

$$(3,2,1)(1,2)(3,4)(1,2,3) = (1,3)(2,4) \in V \cap U,$$

and then

$$(3,2,1)(1,3)(2,4)(1,2,3) = (1,4)(2,3) \in V \cap U.$$

But then V ⊂ V ∩ U, and so V ⊂ U. But this is impossible since |V| = 4, which does not divide |U| = 6.


Definition 13.3.2. Let G be a finite group with |G| = n, and let p be a prime such that p^a | n, but no higher power of p divides n. A subgroup of G of order p^a is called a p-Sylow subgroup.


It is not at all clear that a p-Sylow subgroup must exist. We will prove that for each p | n a p-Sylow subgroup exists. We first consider and prove a very special case.


Theorem 13.3.3. Let G be a finite Abelian group, and let p be a prime such that p | |G|. Then G contains at least one element of order p.


Proof. Suppose that G is a finite Abelian group of order pn. We use induction on n. If n = 1, then G has order p, and hence is cyclic. Therefore, it has an element of order p. Suppose that the theorem is true for all Abelian groups of order pm with m < n, and suppose that G has order pn. Suppose that g ∈ G. If the order of g is pt for some integer t, then g^t ≠ 1, and g^t has order p, proving the theorem in this case. Hence, we may suppose that g ∈ G has order prime to p, and we show that there must be an element whose order is a multiple of p, and then use the above argument to get an element of exact order p. Hence, we have g ∈ G with order m, where (m, p) = 1. Since m | |G| = pn, we must have m | n. Since G is Abelian, ⟨g⟩ is normal, and the factor group G/⟨g⟩ is Abelian of order p(n/m) < pn. By the inductive hypothesis, G/⟨g⟩ has an element h⟨g⟩ of order p, h ∈ G; hence, h^p = g^k for some k. g^k has order m_1 | m; therefore, h has order pm_1. Now, as above, h^{m_1} has order p, proving the theorem.


Therefore, if G is an Abelian group, and if p | n, then G contains a subgroup of order p, the cyclic subgroup of order p generated by an element a ∈ G of order p, whose existence is guaranteed by the above theorem. We now present the first Sylow theorem:


Theorem 13.3.4 (First Sylow theorem). Let G be a finite group, and let p | |G|. Then G contains a p-Sylow subgroup; that is, a p-Sylow subgroup exists.


Proof. Let G be a finite group of order pn, and—as above—we do induction on n. If n = 1, then G is cyclic, and G is its own maximal p-subgroup; hence, all of G is a p-Sylow subgroup. We assume then that if |G| = pm with m < n, then G has a p-Sylow subgroup.

Assume that |G| = p^r m with (m, p) = 1. We must show that G contains a subgroup of order p^r. If H is a proper subgroup whose index is prime to p, then |H| = p^r m_1 with m_1 < m. Therefore, by the inductive hypothesis, H has a p-Sylow subgroup of order p^r. This will also be a subgroup of G, hence a p-Sylow subgroup of G.

Therefore, we may assume that the index of any proper subgroup H of G must be divisible by p. Now consider the class equation for G,

$$|G| = |Z(G)| + \sum_{g \notin Z(G)} |G : C_G(g)|,$$

where the sum is taken over the distinct centralizers. By assumption, each of the indices is divisible by p, and also p | |G|. Therefore, p | |Z(G)|. It follows that Z(G) is a finite Abelian group whose order is divisible by p. From Theorem 13.3.3, there exists an element g ∈ Z(G) ⊂ G of order p. Since g ∈ Z(G), we must have ⟨g⟩ normal in G. The factor group G/⟨g⟩ then has order p^{r-1}m, and—by the inductive hypothesis—must have a p-Sylow subgroup K̄ of order p^{r-1}, hence of index m. By the Correspondence Theorem 10.2.6, there is a subgroup K of G with ⟨g⟩ ⊂ K such that K/⟨g⟩ = K̄. Therefore, |K| = p^r, and K is a p-Sylow subgroup of G.


On the basis of this theorem, we can now strengthen the result obtained in Theo- 
rem 13.3.3. 


Theorem 13.3.5 (Cauchy). If G is a finite group, and if p is a prime such that p | |G|, then G contains at least one element of order p.

Proof. Let P be a p-Sylow subgroup of G, and let |P| = p^r. If g ∈ P, g ≠ 1, then the order of g is p^t for some t ≥ 1. Then g^{p^{t-1}} has order p.


We have seen that p-Sylow subgroups exist. We now wish to show that any two 
p-Sylow subgroups are conjugate. This is the content of the second Sylow theorem: 


Theorem 13.3.6 (Second Sylow theorem). Let G be a finite group and p a prime such that p | |G|. Then any p-subgroup H of G is contained in a p-Sylow subgroup. Furthermore, all p-Sylow subgroups of G are conjugate. That is, if P_1 and P_2 are any two p-Sylow subgroups of G, then there exists an a ∈ G such that P_2 = aP_1a^{-1}.


Proof. Let Ω be the set of p-Sylow subgroups of G, and let G act on Ω by conjugation. This action will, of course, partition Ω into disjoint orbits. Let P be a fixed p-Sylow subgroup and Ω_P be its orbit under the conjugation action. The size of the orbit is the index of its stabilizer; that is, |Ω_P| = |G : Stab_G(P)|. Now P ⊂ Stab_G(P), and P is a maximal p-subgroup of G. It follows that the index of Stab_G(P) must be prime to p, and so the number of p-Sylow subgroups conjugate to P is prime to p.

Now let H be a p-subgroup of G, and let H act on Ω_P by conjugation. Ω_P will itself decompose into disjoint orbits under this action. Furthermore, the size of each orbit is an index of a subgroup of H, hence must be a power of p. On the other hand, the size of the whole orbit Ω_P is prime to p. Therefore, there must be one orbit that has size exactly 1. This orbit contains a p-Sylow subgroup P', and P' is fixed by H under conjugation; that is, H normalizes P'. It follows that HP' is a subgroup of G, and P' is normal in HP'. From the second isomorphism theorem, we then obtain

$$HP'/P' \cong H/(H \cap P').$$

Since H is a p-group, the size of H/(H ∩ P') is a power of p; therefore, so is the size of HP'/P'. But P' is also a p-group, so it follows that HP' also has order a power of p. Now P' ⊂ HP', but P' is a maximal p-subgroup of G. Hence, HP' = P'. This is possible only if H ⊂ P', proving the first assertion in the theorem. Therefore, any p-subgroup of G is contained in a p-Sylow subgroup.

Now let H be a p-Sylow subgroup P_1, and let P_1 act on Ω_P. Exactly as in the argument above, P_1 ⊂ P', where P' is a conjugate of P. Since P_1 and P' are both p-Sylow subgroups, they have the same size; hence, P_1 = P'. This implies that P_1 is a conjugate of P. Since P_1 and P are arbitrary p-Sylow subgroups, it follows that all p-Sylow subgroups are conjugate.


We come now to the last of the three Sylow theorems. This one gives us information 
concerning the number of p-Sylow subgroups. 


Theorem 13.3.7 (Third Sylow theorem). Let G be a finite group and p a prime such that p | |G|. Then the number of p-Sylow subgroups of G is of the form 1 + pk and divides the order |G|. It follows that if |G| = p^a m with (p, m) = 1, then the number of p-Sylow subgroups divides m.

Proof. Let P be a p-Sylow subgroup, and let P act on Ω, the set of all p-Sylow subgroups, by conjugation. Now P normalizes itself, so there is one orbit, namely {P}, having exactly size 1. Every other orbit has size a power of p since the size is the index of a proper subgroup of P, and therefore must be divisible by p. Hence, the size of Ω is 1 + pk. Finally, since all p-Sylow subgroups are conjugate (Theorem 13.3.6), Theorem 13.2.4 gives |Ω| = |G : N_G(P)|, which divides |G|; as |Ω| = 1 + pk is prime to p, it divides m.
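As an added example (not from the book), the following Python checks Lemma 13.3.1 and all three Sylow theorems by brute force on the small permutation groups A_4 and S_4. The permutation encoding, the subgroup-enumeration strategy (joins of pairs, which suffices because every subgroup of S_4 is generated by two elements) and all function names are this example's own assumptions.

```python
# Brute-force check of Lemma 13.3.1 and the three Sylow theorems on A_4 and S_4.
# A permutation of {0,...,n-1} is a tuple p with p[i] = image of i; composition is
# right-to-left, (p*q)(i) = p[q[i]], and conjugation follows the book: g^{-1} h g.
from itertools import permutations


def compose(p, q):
    return tuple(p[q[i]] for i in range(len(p)))


def inverse(p):
    inv = [0] * len(p)
    for i, image in enumerate(p):
        inv[image] = i
    return tuple(inv)


def is_even(p):
    # A cycle of length L is a product of L-1 transpositions.
    seen, transpositions = set(), 0
    for start in range(len(p)):
        if start in seen:
            continue
        j, length = start, 0
        while j not in seen:
            seen.add(j)
            j = p[j]
            length += 1
        transpositions += length - 1
    return transpositions % 2 == 0


def symmetric_group(n):
    return frozenset(permutations(range(n)))


def alternating_group(n):
    return frozenset(p for p in permutations(range(n)) if is_even(p))


def generated(gens):
    """Subgroup generated by gens: close the identity under right multiplication."""
    gens = list(gens)
    identity = tuple(range(len(gens[0])))
    elems, frontier = {identity}, [identity]
    while frontier:
        new = []
        for x in frontier:
            for g in gens:
                y = compose(x, g)
                if y not in elems:
                    elems.add(y)
                    new.append(y)
        frontier = new
    return frozenset(elems)


def all_subgroups(G):
    """All subgroups of a small group: cyclic subgroups, then joins of pairs until
    nothing new appears (enough for A_4 and S_4, whose subgroups are 2-generated)."""
    subs = {generated([g]) for g in G}
    changed = True
    while changed:
        changed = False
        current = list(subs)
        for i, H in enumerate(current):
            for K in current[i + 1:]:
                J = generated(H | K)
                if J not in subs:
                    subs.add(J)
                    changed = True
    return subs


def subgroup_orders(G):
    return sorted({len(H) for H in all_subgroups(G)})


def sylow_subgroups(G, p):
    """The p-Sylow subgroups: subgroups of order p^a, the full p-part of |G|."""
    p_part = 1
    while len(G) % (p_part * p) == 0:
        p_part *= p
    return {H for H in all_subgroups(G) if len(H) == p_part}


def conjugate(H, g):
    g_inv = inverse(g)
    return frozenset(compose(compose(g_inv, h), g) for h in H)


def check_sylow(G, p):
    """Return (n_p, n_p = 1 mod p, n_p divides m, all conjugate), |G| = p^a m."""
    syl = sylow_subgroups(G, p)
    n_p = len(syl)
    P = next(iter(syl))
    m = len(G) // len(P)
    conjugates = {conjugate(P, g) for g in G}
    return n_p, n_p % p == 1, m % n_p == 0, conjugates == syl


if __name__ == "__main__":
    A4, S4 = alternating_group(4), symmetric_group(4)
    print("subgroup orders of A_4:", subgroup_orders(A4))  # no 6: Lemma 13.3.1
    for G, name in ((A4, "A_4"), (S4, "S_4")):
        for p in (2, 3):
            print(name, p, check_sylow(G, p))
```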


13.4 Some Applications of the Sylow Theorems 


We now give some applications of the Sylow theorems. First, we show that the converse 
of Lagrange’s theorem is true for both general p-groups and for finite Abelian groups. 


Theorem 13.4.1. Let G be a group of order p^n, p a prime number. Then G contains at least one normal subgroup of order p^m for each m such that 0 ≤ m ≤ n.


Proof. We use induction on n. For n = 1, the theorem is trivial. By Lemma 10.5.7, any group of order p^2 is Abelian. This, together with Theorem 13.3.3, establishes the claim for n = 2.

We now assume the theorem is true for all groups G of order p^k, where 1 ≤ k < n, where n > 2. Let G be a group of order p^n. From Lemma 10.3.4, G has a nontrivial center of order at least p, hence an element g ∈ Z(G) of order p. Let N = ⟨g⟩. Since g ∈ Z(G), it follows that N is a normal subgroup of order p. Then G/N is of order p^{n-1}, therefore contains (by the induction hypothesis) normal subgroups of orders p^{m-1}, for 0 ≤ m − 1 ≤ n − 1. These groups are of the form H/N, where the normal subgroup H ⊂ G contains N and is of order p^m, 1 ≤ m ≤ n, because |H| = |N| [H : N] = |N| · |H/N|.


On the basis of the first Sylow theorem, we see that if G is a finite group, and if p^k | |G|, then G must contain a subgroup of order p^k. One can actually show that, as in the case of Sylow p-groups, the number of such subgroups is of the form 1 + pt, but we shall not prove this here.


Theorem 13.4.2. Let G be a finite Abelian group of order n. Suppose that d | n. Then G contains a subgroup of order d.


Proof. Suppose that n = p_1^{e_1} ··· p_k^{e_k} is the prime factorization of n. Then d = p_1^{f_1} ··· p_k^{f_k} for some nonnegative f_1, ..., f_k with f_i ≤ e_i. Now G has a p_i-Sylow subgroup H_i of order p_i^{e_i}. Hence, from Theorem 13.4.1, H_i has a subgroup K_i of order p_i^{f_i}. Similarly, there are subgroups K_1, ..., K_k of G of respective orders p_1^{f_1}, ..., p_k^{f_k}. Moreover, since the orders are relatively prime, K_i ∩ K_j = {1} if i ≠ j, and thus ⟨K_1, K_2, ..., K_k⟩ has order |K_1| |K_2| ··· |K_k| = p_1^{f_1} ··· p_k^{f_k} = d.


In Section 10.5, we examined the classification of finite groups of small orders. Here, 
we use the Sylow theorems to extend some of this material further. 


Theorem 13.4.3. Let p, q be distinct primes with p < q and q not congruent to 1 modulo p. Then any group of order pq is cyclic. For example, any group of order 15 must be cyclic.

Proof. Suppose that |G| = pq with p < q and q not congruent to 1 modulo p. The number of q-Sylow subgroups is of the form 1 + qk and divides p. Since q is greater than p, this implies that there can be only one; hence, there is a normal q-Sylow subgroup H. Since q is a prime, H is cyclic of order q; therefore, there is an element g of order q.

The number of p-Sylow subgroups is of the form 1 + pk and divides q. Since q is not congruent to 1 modulo p, this implies that there also can be only one p-Sylow subgroup; hence, there is a normal p-Sylow subgroup K. Since p is a prime, K is cyclic of order p; therefore, there is an element h of order p.

Since p, q are distinct primes, H ∩ K = {1}. Consider the element g^{-1}h^{-1}gh. Since K is normal, g^{-1}h^{-1}g ∈ K. Then g^{-1}h^{-1}gh = (g^{-1}h^{-1}g)h ∈ K. But H is also normal, so h^{-1}gh ∈ H. This then implies that g^{-1}h^{-1}gh = g^{-1}(h^{-1}gh) ∈ H; and therefore we have g^{-1}h^{-1}gh ∈ K ∩ H. It follows then that g^{-1}h^{-1}gh = 1 or gh = hg. Since g, h commute, the order of gh is the lcm of the orders of g and h, which is pq. Therefore, G has an element of order pq. Since |G| = pq, this implies that G is cyclic.


In the above theorem, since we assumed that q is not congruent to 1 modulo p, we must have p ≠ 2 (every odd prime q is congruent to 1 modulo 2). In the case where p = 2, we get another possibility.


Theorem 13.4.4. Let p be an odd prime and G a finite group of order 2p. Then either G is cyclic, or G is isomorphic to the dihedral group of order 2p; that is, the group of symmetries of a regular p-gon. In this latter case, G is generated by two elements, g and h, which satisfy the relations g^p = h^2 = (gh)^2 = 1.


Proof. As in the proof of Theorem 13.4.3, G must have a normal cyclic subgroup of order p, say ⟨g⟩. Since 2 | |G|, the group G must have an element of order 2, say h. Consider the order of gh. By Lagrange's theorem, this element can have order 1, 2, p, or 2p. If the order is 1, then gh = 1 or g = h^{-1} = h. This is impossible since g has order p, and h has order 2. If the order of gh is p, then from the second Sylow theorem, gh ∈ ⟨g⟩. But this implies that h ∈ ⟨g⟩, which is impossible since every nontrivial element of ⟨g⟩ has order p. Therefore, the order of gh is either 2 or 2p.

If the order of gh is 2p, then since G has order 2p, it must be cyclic.

If the order of gh is 2, then within G, we have the relations g^p = h^2 = (gh)^2 = 1. Let H = ⟨g, h⟩ be the subgroup of G generated by g and h. The relations g^p = h^2 = (gh)^2 = 1 imply that H has order 2p. Since |G| = 2p, we get that H = G. G is isomorphic to the dihedral group D_p of order 2p (see exercises).

In the above description, g represents a rotation of 2π/p of a regular p-gon about its center, whereas h represents any reflection across a line of symmetry of the regular p-gon.


Example 13.4.5 (The groups of order 21). Let G be a group of order 21. The number of 7-Sylow subgroups of G is 1, because it is of the form 1 + 7k and divides 3. Hence, the 7-Sylow subgroup K is normal and cyclic; that is, K ◁ G and K = ⟨a⟩ with a of order 7.

The number of 3-Sylow subgroups is analogously 1 or 7. If it is 1, then we have exactly two elements of order 3 in G, and if it is 7, there are 14 elements of order 3 in G.

Let b be an element of order 3. Then bab^{-1} = a^r for some r with 1 ≤ r ≤ 6. Now, a = b^3ab^{-3} = a^{r^3}; hence, r^3 = 1 in Z_7, which implies r = 1, 2, or 4. The map b ↦ b^{-1}, a ↦ a shows that the cases r = 2 and r = 4 give isomorphic groups, because b^{-1}ab = a^4 when bab^{-1} = a^2. Hence, up to isomorphism, there are exactly two groups of order 21. If r = 1, then G is Abelian.

In fact, G = ⟨ab⟩ is then cyclic of order 21. The group for r = 2 can be realized as a subgroup of S_7. Let a = (1,2,3,4,5,6,7) and b = (2,3,5)(4,7,6). Then bab^{-1} = a^2 and ⟨a, b⟩ has order 21.


We have looked at the finite fields Z_p. We give an example of a p-Sylow subgroup of a matrix group over Z_p.


Example 13.4.6. Consider GL(n, p), the group of n × n invertible matrices over Z_p. If {v_1, ..., v_n} is a basis for (Z_p)^n over Z_p, then the size of GL(n, p) is the number of independent images {w_1, ..., w_n} of {v_1, ..., v_n}. For w_1 there are p^n − 1 choices; for w_2 there are p^n − p choices, and so on. It follows that

$$|GL(n, p)| = (p^n - 1)(p^n - p) \cdots (p^n - p^{n-1}) = p^{n(n-1)/2}\, m$$

with (p, m) = 1. Therefore, a p-Sylow subgroup must have size p^{n(n−1)/2}. Let P be the subgroup of upper triangular matrices with 1's on the diagonal. Then P has size p^{1+2+···+(n−1)} = p^{n(n−1)/2}, and is therefore a p-Sylow subgroup of GL(n, p).


The final example is a bit more difficult. We mentioned that a major result on finite groups is the classification of the finite simple groups. This classification showed that any finite simple group is either cyclic of prime order, in one of several classes of groups such as the A_n, n ≥ 5, or one of a number of special examples called sporadic groups. One of the major tools in this classification is the following famous result, called the Feit-Thompson theorem, which showed that any finite group G of odd order is solvable and, in addition, if G is not cyclic, then G is nonsimple.


Theorem 13.4.7 (Feit-Thompson theorem). Any finite group of odd order is solvable. 


The proof of this theorem, one of the major results in algebra in the twentieth cen- 
tury, is way beyond the scope of this book. The proof is actually hundreds of pages in 
length, when one counts the results used. However, we look at the smallest non-Abelian 
simple group. 


Theorem 13.4.8. Suppose that G is a simple group of order 60. Then G is isomorphic to A_5. Moreover, A_5 is the smallest non-Abelian finite simple group.


Proof. Suppose that G is a simple group of order 60 = 2^2 · 3 · 5. The number of 5-Sylow subgroups is of the form 1 + 5k and divides 12. Hence, there is 1 or 6. Since G is assumed simple, and all 5-Sylow subgroups are conjugate, there cannot be only one. Hence, there are 6. Since each of these is cyclic of order 5, they intersect only in the identity. Hence, these 6 subgroups cover 24 distinct elements.
The number of 3-Sylow subgroups is of the form 1 + 3k and divides 20. Hence, there are 1, 4, or 10. We claim that there are 10. There cannot be only 1, since G is simple. Suppose there were 4. Let G act on the set of 3-Sylow subgroups by conjugation. Since an action is a permutation, this gives a homomorphism f from G into S_4. By the first isomorphism theorem, G/ker(f) ≅ im(f).

However, since G is simple, the kernel must be trivial, and this implies that G would imbed into S_4. This is impossible, since |G| = 60 > 24 = |S_4|. Therefore, there are 10 3-Sylow subgroups. Since each of these is cyclic of order 3, they intersect only in the identity. Therefore, these 10 subgroups cover 20 distinct elements. Hence, together with the elements in the 5-Sylow subgroups, we have 44 nontrivial elements.

The number of 2-Sylow subgroups is of the form 1 + 2k and divides 15. Hence, there are 1, 3, 5, or 15. We claim that there are 5. As before, there cannot be only 1, since G is simple. There cannot be 3, since as for the case of 3-Sylow subgroups, this would imply an imbedding of G into S_3, which is impossible, given |S_3| = 6. Suppose that there were 15 2-Sylow subgroups, each of order 4. The intersections would have a maximum of 2 elements. Therefore, each of these would contribute at least 2 distinct elements. This gives a minimum of 30 distinct elements. However, we already have 44 nontrivial elements from the 3-Sylow and 5-Sylow subgroups. Since |G| = 60, this is too many. Therefore, G must have 5 2-Sylow subgroups.

Now let G act on the set of 2-Sylow subgroups. This then, as above, implies an imbedding of G into S_5, so we may consider G as a subgroup of S_5. However, the only subgroup of S_5 of order 60 is A_5; therefore, G ≅ A_5.

The proof that A_5 is the smallest non-Abelian simple group is actually brute force. We show that any group G of order less than 60 either has prime order, or is nonsimple. There are strong tools that we can use. By the Feit-Thompson theorem, we must only consider groups of even order. From Theorem 13.4.4, we do not have to consider orders 2p. The rest can be done by an analysis using Sylow theory. For example, we show that any group of order 20 is nonsimple. Since 20 = 2^2 · 5, the number of 5-Sylow subgroups is 1 + 5k and divides 4. Hence, there is only one; therefore, it must be normal, and so G is nonsimple. There is a strong theorem by Burnside, whose proof is usually done with representation theory (see Chapter 22), which says that any group whose order is divisible by only two primes is solvable. Therefore, for |G| < 60, we only have to show that groups of order 30 = 2 · 3 · 5 and 42 = 2 · 3 · 7 are nonsimple. This is done in the same manner as the first part of this proof. Suppose |G| = 30. The number of 5-Sylow subgroups is of the form 1 + 5k and divides 6. Hence, there are 1 or 6. If G were simple, there would have to be 6, covering 24 distinct elements. The number of 3-Sylow subgroups is of the form 1 + 3k and divides 10; hence, there are 1 or 10. If there were 10, these would cover an additional 20 distinct elements, which is impossible, since we already have 24 and G has order 30. Therefore, there is only one, hence a normal 3-Sylow subgroup. It follows that G cannot be simple. The case |G| = 42 is even simpler. There must be a normal 7-Sylow subgroup.
13.5 Exercises


1. Prove Lemma 13.1.3.

2. Let the group G act on itself by conjugation; that is, g(g_1) = g^{-1}g_1g. Prove that this is an action on the set G.

3. Show that the dihedral group D_n of order 2n has the presentation

$$D_n = \langle r, f ; r^n = f^2 = (rf)^2 = 1 \rangle$$

(see Chapter 14 for group presentations).

4. Show that each group of order ≤ 59 is solvable.

5. Show that there is no simple group of order 84.

6. Let P_1 and P_2 be two different p-Sylow subgroups of a finite group G. Show that P_1P_2 is not a subgroup of G.

7. Let P and Q be two p-Sylow subgroups of the finite group G. If Z(P) is a normal subgroup of Q, then Z(P) = Z(Q).

8. Let G be a finite group. For a prime p the following are equivalent:

(i) G has exactly one p-Sylow subgroup.

(ii) The product of any two elements of order p has some order p^k.

9. Let p be a prime and G = SL(2, p). Let P = ⟨a⟩, where

$$a = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}.$$

(i) Determine the normalizer N_G(P) and the number of p-Sylow subgroups of G.

(ii) Determine the centralizer C_G(a). How many elements of order p does G have? In how many conjugacy classes can they be decomposed?

(iii) Show that all subgroups of G of order p(p − 1) are conjugate.

(iv) Show that G has no elements of order p(p − 1) for p = 5.

10. Let G be a finite group and N a normal subgroup such that |N| is a power of p. Show that N is contained in every p-Sylow subgroup of G.

11. Let p be a prime number, and let P and Q be two p-Sylow subgroups of the finite group G such that P is contained in N_G(Q). Show that P = Q.


14 Free Groups and Group Presentations 


14.1 Group Presentations and Combinatorial Group Theory 


In discussing the symmetric group on 3 symbols and then the various dihedral groups in Chapters 9, 10, and 11, we came across the concept of a group presentation. Roughly, for a group G, a presentation consists of a set of generators X for G, so that G = ⟨X⟩, and a set of relations between the elements of X, from which—in principle—the whole group table can be constructed. In this chapter, we make this concept precise. As we will see, every group G has a presentation, but it is mainly in the case where the group is finite or countably infinite that presentations are most useful. Historically, the idea of group presentations arose out of the attempt to describe the countably infinite fundamental groups that came out of low dimensional topology. The study of groups using group presentations is called combinatorial group theory.

Before looking at group presentations in general, we revisit two examples of finite 
groups and then a class of infinite groups. 

Consider the symmetric group on 3 symbols, S_3. We saw that it has the following 6 elements:

[two-line permutation notation for the six elements 1, a, b, c, d, e]

Notice that a^3 = 1, c^2 = 1, and that ac = ca^2. We claim that

$$\langle a, c ; a^3 = c^2 = (ac)^2 = 1 \rangle$$

is a presentation for S_3. First, it is easy to show that S_3 = ⟨a, c⟩. Indeed,

$$1 = 1, \quad a = a, \quad b = a^2, \quad c = c, \quad d = ac, \quad e = a^2 c,$$

and so a, c generate S_3.

Now from (ac)^2 = acac = 1, we get that ca = a^2c. This implies that if we write any sequence (or word, in our later language) in a and c, we can also rearrange it so that the only nontrivial powers of a are a and a^2; the only power of c is c, and all a terms precede c terms. For example,

$$a c a^2 c a c = a c a (a c a c) = a(ca) = a(a^2 c) = (a^3) c = c.$$

Therefore, using the three relations from the presentation above, each element of S_3 can be written as a^α c^β with α = 0, 1, 2 and β = 0, 1. From this the multiplication of any two elements can be determined.


https://doi.org/10.1515/9783111142524-014 
This type of argument applies exactly to all the dihedral groups D_n. We saw that, in general, |D_n| = 2n. Since these are the symmetry groups of a regular n-gon, we always have a rotation r of angle 2π/n about the center of the n-gon. This element r has order n. Let f be a reflection about any line of symmetry. Then f^2 = 1, and rf is a reflection about the rotated line, which is also a line of symmetry. Therefore, (rf)^2 = 1. Exactly as for S_3, the relation (rf)^2 = 1 implies that fr = r^{-1}f = r^{n-1}f. This allows us to always place r terms in front of f terms in any word on r and f. Therefore, the elements of D_n are always of the form

$$r^{\alpha} f^{\beta}, \qquad \alpha = 0, 1, 2, \ldots, n-1, \quad \beta = 0, 1.$$

Moreover, the relations r^n = f^2 = (rf)^2 = 1 allow us to rearrange any word in r and f into this form. It follows that |⟨r, f⟩| = 2n; hence, D_n = ⟨r, f⟩ together with the relations above. Hence, we obtain the following:


Theorem 14.1.1. If D_n is the symmetry group of a regular n-gon, then a presentation for D_n is given by

$$D_n = \langle r, f ; r^n = f^2 = (rf)^2 = 1 \rangle.$$

(See Section 14.3 for the concept of group presentations.)
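The rewriting argument above, carried out mechanically as an added example (not from the book): a word in r and f is pushed into the normal form r^α f^β using only fr = r^{n−1}f, r^n = 1 and f^2 = 1, and the result is checked against the actual symmetries of the n-gon's vertices. Writing r^{-1} as the letter 'R' and encoding symmetries as vertex permutations are this example's own conventions.

```python
# Normal form r^alpha f^beta in the dihedral group D_n from the three relations,
# checked against the symmetries of a regular n-gon with vertices 0, 1, ..., n-1.
# Words are strings over 'r', 'f' and 'R' (our shorthand for r^{-1} = r^{n-1}).

def normal_form(word, n):
    """Rewrite word to (alpha, beta), 0 <= alpha < n, beta in {0, 1}, meaning r^alpha f^beta.
    Invariant: the letters read so far equal r^alpha f^beta.  Appending f flips beta
    (f^2 = 1); appending r^{s} to r^alpha f^beta gives r^{alpha + s} f^beta if beta = 0
    and r^{alpha - s} f^beta if beta = 1, because f r = r^{n-1} f = r^{-1} f."""
    alpha, beta = 0, 0
    for letter in word:
        if letter == 'f':
            beta ^= 1
        elif letter in ('r', 'R'):
            step = 1 if letter == 'r' else n - 1          # r^{-1} = r^{n-1}
            alpha = (alpha + (step if beta == 0 else -step)) % n   # r^n = 1
        else:
            raise ValueError(f"unknown letter {letter!r}")
    return alpha, beta


def normal_form_word(alpha, beta):
    return 'r' * alpha + 'f' * beta


def compose(p, q):
    """Permutations as tuples, composed right-to-left: (p*q)(i) = p[q[i]]."""
    return tuple(p[q[i]] for i in range(len(p)))


def word_to_permutation(word, n):
    """Interpret r as vertex rotation i -> i+1 and f as the reflection i -> -i (mod n)."""
    table = {'r': tuple((i + 1) % n for i in range(n)),
             'R': tuple((i - 1) % n for i in range(n)),
             'f': tuple((-i) % n for i in range(n))}
    perm = tuple(range(n))
    for letter in word:
        perm = compose(perm, table[letter])
    return perm


def normal_form_is_faithful(word, n):
    """The rewritten word must act on the n-gon exactly as the original word does."""
    alpha, beta = normal_form(word, n)
    return word_to_permutation(word, n) == word_to_permutation(normal_form_word(alpha, beta), n)


def count_distinct_normal_forms(n):
    """The 2n normal forms are pairwise distinct symmetries, so |D_n| = 2n."""
    return len({word_to_permutation(normal_form_word(a, b), n)
                for a in range(n) for b in (0, 1)})


if __name__ == "__main__":
    print(normal_form('fr', 5))          # f r = r^4 f  ->  (4, 1)
    print(normal_form('rfrrfrf', 3))     # the S_3 computation a c a^2 c a c = c  ->  (0, 1)
    print(count_distinct_normal_forms(6))  # 12
```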


We now give one class of infinite examples. If G is an infinite cyclic group, so that G ≅ Z, then G = ⟨g ; ⟩ is a presentation for G. That is, G has a single generator with no relations.

A direct product of n copies of Z is called a free Abelian group of rank n. We will denote this by Z^n. A presentation for Z^n is then given by

$$\mathbb{Z}^n = \langle x_1, x_2, \ldots, x_n ; x_i x_j = x_j x_i \text{ for all } i, j = 1, \ldots, n \rangle.$$


14.2 Free Groups 


Crucial to the concept of a group presentation is the idea of a free group. 


Definition 14.2.1 (Universal mapping property). A group F is free on a subset X if every map f : X → G with G a group can be extended to a unique homomorphism f̄ : F → G. X is called a free basis for F. In general, a group F is a free group if it is free on some subset X. If X is a free basis for a free group F, we write F = F(X).


We first show that given any set X, there does exist a free group with free basis X. Let X = {x_i}_{i∈I} be a set (possibly empty). We will construct a group F(X), which is free with free basis X. First, let X^{-1} be a set disjoint from X, but bijective to X. If x_i ∈ X, then we denote by x_i^{-1} the corresponding element of X^{-1} under the bijection, and say that x_i and x_i^{-1} are associated. The set X^{-1} is called the set of formal inverses from X, and we call X ∪ X^{-1} the alphabet. Elements of the alphabet are called letters. Hence, a letter has the form x_i^{ε_i} where ε_i = ±1. A word in X is a finite sequence of letters from the alphabet. That is, a word has the form

$$x_{i_1}^{\varepsilon_{i_1}} x_{i_2}^{\varepsilon_{i_2}} \cdots x_{i_n}^{\varepsilon_{i_n}},$$

where x_{i_j} ∈ X and ε_{i_j} = ±1. If n = 0, we call it the empty word, which we will denote as e. The integer n is called the length of the word. Words of the form x_i x_i^{-1} or x_i^{-1} x_i are called trivial words. We let W(X) be the set of all words on X.

If w_1, w_2 ∈ W(X), we say that w_1 is equivalent to w_2, denoted as w_1 ~ w_2, if w_1 can be converted to w_2 by a finite string of insertions and deletions of trivial words. For example, if w_1 = x_3 x_2 x_4 x_4^{-1} x_5 and w_2 = x_3 x_2 x_5, then w_1 ~ w_2. It is straightforward to verify that this is an equivalence relation on W(X) (see exercises). Let F(X) denote the set of equivalence classes in W(X) under this relation; hence, F(X) is a set of equivalence classes of words from X.

A word w ∈ W(X) is said to be freely reduced or reduced if it has no trivial subwords (a subword is a connected sequence within a word). Hence, in the example above, w_2 = x_3 x_2 x_5 is reduced, but w_1 = x_3 x_2 x_4 x_4^{-1} x_5 is not reduced. There is a unique element of minimal length in each equivalence class in F(X). Furthermore, this element must be reduced or else it would be equivalent to something of smaller length. Two reduced words in W(X) are either equal or not in the same equivalence class in F(X). Hence, F(X) can also be considered as the set of all reduced words from W(X).

Given a word w = x_{i_1}^{ε_{i_1}} ··· x_{i_n}^{ε_{i_n}}, we can find the unique reduced word w̄ equivalent to w via the following free reduction process. Beginning from the left side of w, we cancel each occurrence of a trivial subword. After all these possible cancellations, we have a word w'. Now we repeat the process again, starting from the left side. Since w has finite length, eventually the resulting word will either be empty or reduced. The final reduced word w̄ is the free reduction of w.

Now we build a multiplication on F(X). If

$$w_1 = x_{i_1}^{\varepsilon_{i_1}} \cdots x_{i_n}^{\varepsilon_{i_n}}, \qquad w_2 = x_{j_1}^{\varepsilon_{j_1}} \cdots x_{j_m}^{\varepsilon_{j_m}}$$

are two words in W(X), then their concatenation w_1 * w_2 is simply placing w_2 after w_1,

$$w_1 * w_2 = x_{i_1}^{\varepsilon_{i_1}} \cdots x_{i_n}^{\varepsilon_{i_n}} x_{j_1}^{\varepsilon_{j_1}} \cdots x_{j_m}^{\varepsilon_{j_m}}.$$

If w_1, w_2 ∈ F(X), then we define their product as

$$w_1 w_2 = \text{equivalence class of } w_1 * w_2.$$

That is, we concatenate w_1 and w_2, and the product is the equivalence class of the resulting word. It is easy to show that if w_1 ~ w_1' and w_2 ~ w_2', then w_1 * w_2 ~ w_1' * w_2', so that the above multiplication is well defined. Equivalently, we can think of this product in the following way. If w_1, w_2 are reduced words, then to find w_1w_2, first concatenate, and then freely reduce. Notice that if x_{i_n}^{ε_{i_n}} x_{j_1}^{ε_{j_1}} is a trivial word, then it is cancelled when the concatenation is formed. We say then that there is cancellation in forming the product w_1w_2. Otherwise, the product is formed without cancellation.


Theorem 14.2.2. Let X be a nonempty set, and let F(X) be as above. Then F(X) is a free group with free basis X. Furthermore, if X = ∅, then F(X) = {1}; if |X| = 1, then F(X) ≅ Z; and if |X| ≥ 2, then F(X) is non-Abelian.


Proof. We first show that F(X) is a group, and then show that it satisfies the universal 
mapping property on X. We consider F(X) as the set of reduced words in W(X) with 
the multiplication defined above. Clearly, the empty word acts as the identity element 1. 
If w = x, axe pie and Ww, = x; a, thes ra “4 then both w * w, and w, * w freely 
reduce to the empty word, and $0 Ww, is the inverse of w. Therefore, each element of 
F(X) has an inverse. Therefore, to show that F(X) forms a group, we must show that the 


multiplication is associative. Let 


Gi, &; €j Gi, & Gj Ck, €k €x, 
Wy =X.1X. 2X, Wy = XX XI, We =X, 1X2 XP 
1 h Th 2 hh Ja Im 3 ky “k, ky 


be three freely reduced words in F(X). We must show that 
(WW )W3 = W,(W2W3). 


To prove this, we use induction on m, the length of w,. Ifm = 0, then w, is the 
empty word, hence the identity, and it is certainly true. Now suppose that m = 1 so that 
W, = ce We must consider exactly four cases. 

Case (1): There is no cancellation in forming either w,w, or w,W3. Put differently, 
x; Ay x, “in ,and.x, #X;, 7". Then the product w,W, is just the concatenation of the words, 
and so is (W1W)W3. The same is true for w,(W,W3). Therefore, w,(W W3) = (W,W2)W3. 

Case (2): There is cancellation in forming w,W,, but not in forming w.w3. Then if we 
concatenate all three words, the only cancellation occurs between w, and w, in either 
W(W2W3) or in (W,W2)W3; hence, they are equal. Therefore, w,(w,W3) = (W1W2)W3. 

Case (3): There is cancellation in forming w2w3, but not in forming w,w. This is 
entirely analogous to Case (2). Therefore, w,(W2W3) = (WW )W3. 

Case (4): There is cancellation in forming w,w, and also in forming w,w3. Then ee = 


a aaa ay 
x, ™and x." =x, “. Here, 
hh ky 


Th 


fy Cina yok ko kp 
W1W,)W3 =X, 10+ X. "1X, 1X, 2 eX 
(WyW2)W3 = X58 +X, NEG IG? Xe 
On the other hand, 
_ yy‘ Cin Ske kp 
W,(W2W3) SHE XE 


; G € 
However, these are equal since x," = Xj Therefore, w,(W2W3) = (WyW)W3. 
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It follows, inductively, from these four cases, that the associative law holds in F(X); 
therefore, F(X) forms a group. 

Now suppose that $f : X \to G$ is a map from $X$ into a group $G$. By the construction of
$F(X)$ as a set of reduced words, this can be extended to a unique homomorphism. If $w \in F$
with $w = x_{i_1}^{e_1}\cdots x_{i_m}^{e_m}$, then define $f(w) = f(x_{i_1})^{e_1}\cdots f(x_{i_m})^{e_m}$. Since multiplication in $F(X)$
is concatenation, this defines a homomorphism, and again from the construction of $F(X)$,
it is the only one extending $f$. This is analogous to constructing a linear transformation
from one vector space to another by specifying the images of a basis. Therefore, $F(X)$
satisfies the universal mapping property of Definition 14.2.1. Hence, $F(X)$ is a free group
with free basis $X$.

The final parts of Theorem 14.2.2 are straightforward. If $X$ is empty, the only reduced
word is the empty word; hence, the group is just the identity. If $X$ has a single letter, then
$F(X)$ has a single generator, and is therefore cyclic. It is easy to see that it must be torsion-free.
Therefore, $F(X)$ is infinite cyclic; that is, $F(X) \cong \mathbb{Z}$. Finally, if $|X| \ge 2$, let $x_1, x_2 \in X$.
Then $x_1x_2 \neq x_2x_1$, and both are reduced. Therefore, $F(X)$ is non-Abelian.


The proof of Theorem 14.2.2 provides another way to look at free groups. 


Theorem 14.2.3. $F$ is a free group if and only if there is a generating set $X$ such that every
element of $F$ has a unique representation as a freely reduced word on $X$.


The structure of a free group is entirely dependent on the cardinality of a free basis.
In particular, the cardinality of a free basis $X$ for a free group $F$ is unique, and is called
the rank of $F$. If $|X| < \infty$, $F$ is of finite rank. If $F$ has rank $n$ and $X = \{x_1, x_2, \ldots, x_n\}$, we
say that $F$ is free on $\{x_1, x_2, \ldots, x_n\}$. We denote this by $F(x_1, x_2, \ldots, x_n)$.


Theorem 14.2.4. If $X$ and $Y$ are sets with the same cardinality, that is, $|X| = |Y|$, then
$F(X) \cong F(Y)$; that is, the resulting free groups are isomorphic. Furthermore, if $F(X) \cong F(Y)$, then
$|X| = |Y|$.


Proof. Suppose that $f : X \to Y$ is a bijection from $X$ onto $Y$. Now $Y \subset F(Y)$, so there is
a unique homomorphism $\varphi : F(X) \to F(Y)$ extending $f$. Since $f$ is a bijection, it has an
inverse $f^{-1} : Y \to X$, and since $F(Y)$ is free, there is a unique homomorphism $\varphi_1$ from
$F(Y)$ to $F(X)$ extending $f^{-1}$. Then $\varphi\varphi_1$ is the identity map on $F(Y)$, and $\varphi_1\varphi$ is the identity
map on $F(X)$. Therefore, $\varphi, \varphi_1$ are isomorphisms with $\varphi^{-1} = \varphi_1$.

Conversely, suppose that $F(X) \cong F(Y)$. In $F(X)$, let $N(X)$ be the subgroup generated
by all squares in $F(X)$; that is,

$$N(X) = \langle \{g^2 : g \in F(X)\} \rangle.$$


Then $N(X)$ is a normal subgroup, and the factor group $F(X)/N(X)$ is Abelian, where
every nontrivial element has order 2 (see exercises). Therefore, $F(X)/N(X)$ can be considered
as a vector space over $\mathbb{Z}_2$, the finite field of order 2, with $X$ as a vector space
basis. Hence, $|X|$ is the dimension of this vector space. Let $N(Y)$ be the corresponding


198 —— 14 Free Groups and Group Presentations 


subgroup of $F(Y)$. Since $F(X) \cong F(Y)$, we would have $F(X)/N(X) \cong F(Y)/N(Y)$; therefore,
$|Y|$ is the dimension of the vector space $F(Y)/N(Y)$. Thus, $|X| = |Y|$ from the uniqueness
of dimension of vector spaces.


Expressing elements of $F(X)$ as a reduced word gives a normal form for elements in
a free group $F$. As we will see in Section 14.5, this solves what is termed the word problem
for free groups. Another important concept is the following: a freely reduced word $W =
x_{v_1}^{e_1}x_{v_2}^{e_2}\cdots x_{v_n}^{e_n}$ is cyclically reduced if $v_1 \neq v_n$, or if $v_1 = v_n$, then $e_1 \neq -e_n$. Clearly then,
every element of a free group is conjugate to an element given by a cyclically reduced
word. This provides a method to determine conjugacy in free groups.
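As an added example (not the book's code), here is the free-group arithmetic of this section in Python: free reduction, the concatenate-then-reduce multiplication whose associativity the proof above checks case by case, the extension of a map $f : X \to G$ to a homomorphism (the universal mapping property), and the cyclic-permutation conjugacy test of Theorem 14.2.5. The homomorphism is exercised on the constructed map $a \mapsto (1,0)$, $b \mapsto (0,1)$ onto $\mathbb{Z}_2 \times \mathbb{Z}_2$, the quotient $F/F(X^2)$ of Example 14.2.10, and the five Schreier generators listed there are confirmed to lie in its kernel.

```python
"""Free group F(X) as freely reduced words.  Added example, not the book's code.

A letter is a pair (x, e) with x a generator name and e = +1 or -1; a word is a
tuple of letters, and the empty tuple is the identity.  Multiplication is
concatenation followed by free reduction, as in the construction of F(X)."""
from itertools import product


def reduce_word(word):
    """Freely reduce a word: cancel adjacent x^e x^-e pairs with a stack scan."""
    out = []
    for x, e in word:
        if out and out[-1] == (x, -e):
            out.pop()                      # an adjacent inverse pair cancels
        else:
            out.append((x, e))
    return tuple(out)


def parse(text):
    """'a b^-1 a' -> ((a,1),(b,-1),(a,1)), freely reduced; '' is the identity."""
    letters = []
    for tok in text.split():
        if tok.endswith('^-1'):
            letters.append((tok[:-3], -1))
        else:
            letters.append((tok, 1))
    return reduce_word(tuple(letters))


def mul(w1, w2):
    return reduce_word(w1 + w2)


def inverse(w):
    return tuple((x, -e) for x, e in reversed(w))


def is_associative_on(words):
    """Check (w1 w2) w3 == w1 (w2 w3) for every triple drawn from `words`."""
    return all(mul(mul(w1, w2), w3) == mul(w1, mul(w2, w3))
               for w1, w2, w3 in product(words, repeat=3))


def cyclically_reduce(w):
    """Peel off cancelling first/last letters.  Returns (r, u) with
    w = u r u^-1 and r cyclically reduced."""
    w = reduce_word(w)
    u = ()
    while len(w) >= 2 and w[0] == (w[-1][0], -w[-1][1]):
        u += (w[0],)
        w = w[1:-1]
    return w, u


def are_conjugate(g1, g2):
    """Theorem 14.2.5: g1 ~ g2 iff their cyclically reduced words are cyclic
    permutations of each other."""
    r1, _ = cyclically_reduce(g1)
    r2, _ = cyclically_reduce(g2)
    if len(r1) != len(r2):
        return False
    return any(r1[k:] + r1[:k] == r2 for k in range(max(len(r1), 1)))


def extend_to_hom(images, identity, op, inv):
    """Universal mapping property: images: X -> G extends to the unique
    homomorphism F(X) -> G sending x_{i1}^{e1}...x_{im}^{em} to
    f(x_{i1})^{e1}...f(x_{im})^{em}."""
    def f(w):
        g = identity
        for x, e in reduce_word(w):
            g = op(g, images[x] if e == 1 else inv(images[x]))
        return g
    return f


# Constructed check: a -> (1,0), b -> (0,1) onto Z_2 x Z_2, the quotient
# F/F(X^2) of Example 14.2.10.  Every square, and hence every Schreier
# generator X_1..X_5 of that example, must lie in the kernel.
def klein_hom():
    add2 = lambda p, q: ((p[0] + q[0]) % 2, (p[1] + q[1]) % 2)
    return extend_to_hom({'a': (1, 0), 'b': (0, 1)}, (0, 0), add2, lambda p: p)


def schreier_generators_in_kernel():
    f = klein_hom()
    gens = ['a a', 'b a b^-1 a^-1', 'b b', 'a b a b^-1', 'a b b a^-1']
    return all(f(parse(g)) == (0, 0) for g in gens)
```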


Theorem 14.2.5. In a free group $F$, two elements $g_1, g_2$ are conjugate if and only if a cyclically
reduced word for $g_1$ is a cyclic permutation of a cyclically reduced word for $g_2$.


The theory of free groups has a large and extensive literature. We close this section 
by stating several important properties. Proofs for these results can be found in [37], [36] 
or [21]. 


Theorem 14.2.6. A free group is torsion-free.

From Theorem 14.2.4, we can deduce:

Theorem 14.2.7. An Abelian subgroup of a free group must be cyclic.


Finally, a celebrated theorem of Nielsen and Schreier states that a subgroup of a free 
group must be free. 


Theorem 14.2.8 (Nielsen-Schreier). A subgroup of a free group is itself a free group. 


Combinatorially, F is free on X if X is a set of generators for F, and there are no 
nontrivial relations. In particular, the following hold: 

There are several different proofs of this result, see [37], with the most straightfor- 
ward being topological in nature. We give an outline of a simple topological proof in 
Section 14.4. 

About 1920, Nielsen, using a technique now called Nielsen transformations in his 
honor first proved this theorem for finitely generated subgroups. Schreier, shortly after, 
found a combinatorial method to extend this to arbitrary subgroups. A complete version 
of the original combinatorial proof appears in [37], and in the notes by Johnson [31]. 

Schreier's combinatorial proof also allows for a description of the free basis for the
subgroup. In particular, let $F$ be free on $X$, and $H \subset F$ a subgroup. Let $T = \{t_\alpha\}$ be a
complete set of right coset representatives for $F$ modulo $H$ with the property that if $t_\alpha =
x_{v_1}^{e_1}x_{v_2}^{e_2}\cdots x_{v_n}^{e_n} \in T$, with $e_i = \pm 1$, then all the initial segments $1, x_{v_1}^{e_1}, x_{v_1}^{e_1}x_{v_2}^{e_2}$, et cetera are also
in $T$. Such a system of coset representatives can always be found, and is called a Schreier
system or Schreier transversal for $H$. If $g \in F$, let $\overline{g}$ represent its coset representative in
$T$, and further define for $g \in F$ and $t \in T$, $S_{t,g} = tg(\overline{tg})^{-1}$. Notice that $S_{t,g} \in H$ for all $t, g$.
We then have the following:




Theorem 14.2.9 (Explicit form of Nielsen-Schreier). Let $F$ be free on $X$ and $H$ a subgroup
of $F$. If $T$ is a Schreier transversal for $F$ modulo $H$, then $H$ is free on the set

$$\{S_{t,x} : t \in T,\ x \in X,\ S_{t,x} \neq 1\}.$$


Example 14.2.10. Let $F$ be free on $\{a, b\}$ and $H = F(X^2)$ the normal subgroup of $F$ generated
by all squares in $F$.

Then $F/F(X^2) = \langle a, b;\ a^2 = b^2 = (ab)^2 = 1\rangle \cong \mathbb{Z}_2 \times \mathbb{Z}_2$ (see Section 14.3 for the concept
of group presentations). It follows that a Schreier system for $F$ modulo $H$ is $\{1, a, b, ab\}$
with $\overline{a} = a$, $\overline{b} = b$ and $\overline{ba} = ab$. From this it can be shown that $H$ is free on the generating
set

$$X_1 = a^2,\quad X_2 = bab^{-1}a^{-1},\quad X_3 = b^2,\quad X_4 = abab^{-1},\quad X_5 = ab^2a^{-1}.$$


The theorem also allows for a computation of the rank of H, given the rank of F and 
the index. Specifically: 


Corollary 14.2.11. Suppose $F$ is free of rank $n$ and $|F : H| = k$. Then $H$ is free of rank
$nk - k + 1$.


From the example, we see that $F$ is free of rank 2 and $H$ has index 4, so $H$ is free of rank
$2 \cdot 4 - 4 + 1 = 5$.


14.3 Group Presentations 


The significance of free groups stems from the following result, which is easily deduced 
from the definition and will lead us directly to a formal definition of a group presenta- 
tion. Let G be any group and F the free group on the elements of G considered as a set. 
The identity map $f : G \to G$ can be extended to a homomorphism of $F$ onto $G$. Therefore,
we have the following: 


Theorem 14.3.1. Every group $G$ is a homomorphic image of a free group. That is, let $G$ be
any group. Then $G \cong F/N$, where $F$ is a free group.


In the above theorem, instead of taking all the elements of G, we can consider just 
a set $X$ of generators for $G$. Then $G$ is a factor group of $F(X)$, $G \cong F(X)/N$. The normal
subgroup N is the kernel of the homomorphism from F(X) onto G. We use Theorem 14.3.1 
to formally define a group presentation. 

If H is a subset of a group G, then the normal closure of H denoted by N(H) is the 
smallest normal subgroup of G containing H. This can be described alternatively in the 
following manner. The normal closure of H is the subgroup of G generated by all conju- 
gates of elements of H. 

Now suppose that G is a group with X, a set of generators for G. We also call X a gen- 
erating system for G. Now let G = F(X)/N as in Theorem 14.3.1 and the comments after 
it. $N$ is the kernel of the homomorphism $f : F(X) \to G$. It follows that if $r$ is a free group
word with $r \in N$, then $r = 1$ in $G$ (under the homomorphism). We then call $r$ a relator
in $G$, and the equation $r = 1$ a relation in $G$. Suppose that $R$ is a subset of $N$ such that
$N = N(R)$; then $R$ is called a set of defining relators for $G$. The equations $r = 1$, $r \in R$, are
a set of defining relations for $G$. It follows that any relator in $G$ is a product of conjugates
of elements of $R$. Equivalently, $r \in F(X)$ is a relator in $G$ if and only if $r$ can be reduced
to the empty word by insertions and deletions of elements of $R$, and trivial words.


Definition 14.3.2. Let $G$ be a group. Then a group presentation for $G$ consists of a set of
generators $X$ for $G$ and a set $R$ of defining relators. In this case, we write $G = \langle X; R\rangle$. We
could also write the presentation in terms of defining relations as $G = \langle X;\ r = 1,\ r \in R\rangle$.


From Theorem 14.3.1, it follows immediately that every group has a presentation. 
However, in general, there are many presentations for the same group. If $R \subset R_1$, then
$R_1$ is also a set of defining relators.


Lemma 14.3.3. Let G be a group. Then G has a presentation. 


If G = (X;R) and X is finite, then G is said to be finitely generated. If R is finite, G is 
finitely related. If both X and R are finite, G is finitely presented. 
Using group presentations, we get another characterization of free groups. 


Theorem 14.3.4. $F$ is a free group if and only if $F$ has a presentation of the form $F = \langle X;\rangle$.


Mimicking the construction of a free group from a set X, we can show that to each 
presentation corresponds a group. Suppose that we are given a supposed presentation 
$\langle X; R\rangle$, where $R$ is given as a set of words in $X$. Consider the free group $F(X)$ on $X$. Define
two words $w_1, w_2$ on $X$ to be equivalent if $w_1$ can be transformed into $w_2$ using insertions
and deletions of elements of $R$ and trivial words. As in the free group case, this is an
equivalence relation. Let $G$ be the set of equivalence classes. If we define multiplication
as before, as concatenation followed by the appropriate equivalence class, then $G$ is a
group. Furthermore, each $r \in R$ must equal the identity in $G$, so that $G = \langle X; R\rangle$. Notice
that here there may be no unique reduced word for an element of $G$.


Theorem 14.3.5. Given $\langle X; R\rangle$, where $X$ is a set and $R$ is a set of words on $X$. Then there
exists a group $G$ with presentation $\langle X; R\rangle$.


We now give some examples of group presentations: 


Example 14.3.6. A free group of rank $n$ has a presentation

$$F_n = \langle x_1, \ldots, x_n;\rangle.$$


Example 14.3.7. A free Abelian group of rank $n$ has a presentation

$$\mathbb{Z}^n = \langle x_1, \ldots, x_n;\ x_ix_jx_i^{-1}x_j^{-1},\ 1 \le i < j \le n\rangle.$$

Example 14.3.8. A cyclic group of order $n$ has a presentation

$$\mathbb{Z}_n = \langle x;\ x^n = 1\rangle.$$

Example 14.3.9. The dihedral group of order $2n$, representing the symmetry group of
a regular $n$-gon, has a presentation

$$\langle r, f;\ r^n = f^2 = 1,\ (rf)^2 = 1\rangle.$$


14.3.1 The Modular Group 


In this section, we give a more complicated example, and then a nice application to num- 
ber theory. 

If R is a commutative ring with identity, then the set of invertible (n x n)-matrices 
with entries from R forms a group under matrix multiplication called the n-dimen- 
sional general linear group over R, see [41]. This group is denoted by GL(n, R). Since 
det(A) det(B) = det(AB) for square matrices A, B, it follows that the subset of GL(n, R), 
consisting of those matrices of determinant 1, forms a subgroup. This subgroup is called 
the special linear group over R and is denoted by SL(n, R). In this section, we concentrate 
on SL(2, Z), or more specifically, a quotient of it, PSL(2, Z), and find presentations for 
them. The group SL(2, Z) then consists of (2 x 2)-matrices of determinant 1 with integral 
entries:

$$\mathrm{SL}(2, \mathbb{Z}) = \left\{\begin{pmatrix} a & b \\ c & d\end{pmatrix} : a, b, c, d \in \mathbb{Z},\ ad - bc = 1\right\}.$$


The group $\mathrm{SL}(2, \mathbb{Z})$ is called the homogeneous modular group, and an element of $\mathrm{SL}(2, \mathbb{Z})$
is called a unimodular matrix. If $G$ is any group, recall that its center $Z(G)$ consists of those
elements of $G$ which commute with all elements of $G$:

$$Z(G) = \{g \in G : gh = hg\ \ \forall h \in G\}.$$


The group $Z(G)$ is a normal subgroup of $G$. Hence, we can form the factor group $G/Z(G)$.
For $G = \mathrm{SL}(2, \mathbb{Z})$, the only unimodular matrices that commute with all others are
$\pm I = \pm\begin{pmatrix} 1 & 0 \\ 0 & 1\end{pmatrix}$. Therefore, $Z(\mathrm{SL}(2, \mathbb{Z})) = \{I, -I\}$. The quotient

$$\mathrm{SL}(2, \mathbb{Z})/Z(\mathrm{SL}(2, \mathbb{Z})) = \mathrm{SL}(2, \mathbb{Z})/\{I, -I\}$$


is denoted by PSL(2, Z) and is called the projective special linear group or inhomogeneous 
modular group. More commonly, PSL(2, Z) is just called the modular group, and denoted 
by M. 

M arises in many different areas of mathematics, including number theory, com- 
plex analysis, and Riemann surface theory and the theory of automorphic forms and 
functions. $M$ is perhaps the most widely studied single finitely presented group. Complete
discussions of $M$ and its structure can be found in the books Integral Matrices by
M. Newman, see [56], and Algebraic Theory of the Bianchi Groups by B. Fine, see [51].

Since $M = \mathrm{PSL}(2, \mathbb{Z}) = \mathrm{SL}(2, \mathbb{Z})/\{I, -I\}$, it follows that each element of $M$ can be
considered as $\pm A$, where $A$ is a unimodular matrix. A projective unimodular matrix is
then

$$\pm\begin{pmatrix} a & b \\ c & d\end{pmatrix},\quad a, b, c, d \in \mathbb{Z},\ ad - bc = 1.$$


The elements of $M$ can also be considered as linear fractional transformations over the
complex numbers

$$g = \frac{az + b}{cz + d},\quad a, b, c, d \in \mathbb{Z},\ ad - bc = 1,\ \text{where } z \in \mathbb{C}.$$


Thought of in this way, $M$ forms a Fuchsian group, which is a discrete group of isometries
of the non-Euclidean hyperbolic plane. The book by Katok, see [33], gives a solid and clear
introduction to such groups. This material can also be found in condensed form in [53].
We now determine presentations for both $\mathrm{SL}(2, \mathbb{Z})$ and $M = \mathrm{PSL}(2, \mathbb{Z})$.


Theorem 14.3.10. The group $\mathrm{SL}(2, \mathbb{Z})$ is generated by the elements

$$X = \begin{pmatrix} 0 & -1 \\ 1 & 0\end{pmatrix} \quad\text{and}\quad Y = \begin{pmatrix} 0 & 1 \\ -1 & -1\end{pmatrix}.$$

Furthermore, a complete set of defining relations for the group in terms of these generators
is given by

$$X^4 = Y^3 = YX^2Y^{-1}X^{-2} = I.$$

It follows that $\mathrm{SL}(2, \mathbb{Z})$ has the presentation

$$\langle X, Y;\ X^4 = Y^3 = YX^2Y^{-1}X^{-2} = 1\rangle.$$


Proof. We first show that SL(2, Z) is generated by X and Y; that is, every matrix A in the 
group can be written as a product of powers of X and Y. 


Let

$$U = \begin{pmatrix} 1 & 1 \\ 0 & 1\end{pmatrix}.$$

Then a direct multiplication shows that $U = XY$, and we show that $\mathrm{SL}(2, \mathbb{Z})$ is generated
by $X$ and $U$, which implies that it is also generated by $X$ and $Y$. Furthermore,
$U^n = \begin{pmatrix} 1 & n \\ 0 & 1\end{pmatrix}$ for all $n \in \mathbb{Z}$; therefore, $U$ has infinite order.
Let $A = \begin{pmatrix} a & b \\ c & d\end{pmatrix} \in \mathrm{SL}(2, \mathbb{Z})$. Then we have

$$XA = \begin{pmatrix} -c & -d \\ a & b\end{pmatrix} \quad\text{and}\quad U^kA = \begin{pmatrix} a + kc & b + kd \\ c & d\end{pmatrix}$$

for any $k \in \mathbb{Z}$. We may assume that $|c| \le |a|$; otherwise start with $XA$ rather than $A$. If
$c = 0$, then $A = \pm U^q$ for some $q$. If $A = U^q$, then certainly $A$ is in the group generated by
$X$ and $U$. If $A = -U^q$, then $A = X^2U^q$ since $X^2 = -I$. It follows that here also $A$ is in the
group generated by $X$ and $U$.

Now suppose $c \neq 0$. Apply the Euclidean algorithm to $a$ and $c$ in the following modified
way:

$$\begin{aligned}
a &= q_0c + r_1\\
c &= q_1r_1 + r_2\\
r_1 &= q_2r_2 + r_3\\
&\ \,\vdots\\
(-1)^n r_{n-1} &= q_nr_n + 0,
\end{aligned}$$

where $r_n = \pm 1$ since $(a, c) = 1$. Then

$$XU^{-q_n}\cdots XU^{-q_0}A = \pm U^{q_{n+1}} \quad\text{with } q_{n+1} \in \mathbb{Z}.$$

Therefore,

$$A = X^mU^{q_0}XU^{q_1}\cdots XU^{q_n}XU^{q_{n+1}}$$

with $m = 0, 1, 2, 3$; $q_0, q_1, \ldots, q_{n+1} \in \mathbb{Z}$ and $q_1, \ldots, q_n \neq 0$. Thus, $X$ and $U$, and hence $X$ and
$Y$, generate $\mathrm{SL}(2, \mathbb{Z})$.
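As an added example (not the book's code), the following Python carries out the generation argument just given: it applies $X$ and $U^{-q}$ as in the modified Euclidean algorithm until the lower-left entry vanishes, inverts the steps to obtain $A$ as a word in $X$ and $U$, and then substitutes $U = XY$ to get a word in the generators $X, Y$ of the presentation. Choosing $q$ by rounding $a/c$ toward minus infinity is an assumption of the example; any remainder with $|r| < |c|$ would serve.

```python
"""Writing a matrix of SL(2, Z) as a word in X and U, then in X and Y.
Added example, not the book's code: it runs the modified Euclidean algorithm
from the proof of Theorem 14.3.10 and checks each word by multiplying it out.
Matrices are 2x2 tuples of integer rows.  Rounding a/c toward minus infinity
(Python floor division) is an assumption; any remainder with |r| < |c| works."""

X = ((0, -1), (1, 0))        # order 4, X^2 = -I
Y = ((0, 1), (-1, -1))       # order 3
U = ((1, 1), (0, 1))         # U = XY, infinite order
I = ((1, 0), (0, 1))
ORDER = {'X': (X, 4), 'Y': (Y, 3)}


def mat_mul(P, Q):
    return tuple(tuple(sum(P[i][k] * Q[k][j] for k in range(2))
                       for j in range(2)) for i in range(2))


def det(P):
    return P[0][0] * P[1][1] - P[0][1] * P[1][0]


def gen_pow(g, n):
    """U^n = (1 n; 0 1) for any integer n; X^n and Y^n with n taken mod 4, mod 3."""
    if g == 'U':
        return ((1, n), (0, 1))
    base, order = ORDER[g]
    P = I
    for _ in range(n % order):
        P = mat_mul(P, base)
    return P


def evaluate(word):
    """Multiply out a word [('X', 1), ('U', q), ...] from left to right."""
    P = I
    for g, n in word:
        P = mat_mul(P, gen_pow(g, n))
    return P


def decompose(A):
    """Return a word in X and U whose product is A.  As in the proof: while the
    (2,1) entry c is nonzero, pass to XA if |c| > |a|, otherwise write
    a = q c + r with |r| < |c| and pass to X U^{-q} A, which strictly shrinks
    |c|.  What remains is +-U^q, i.e. U^q or X^2 U^{-q} since X^2 = -I."""
    if det(A) != 1:
        raise ValueError("not in SL(2, Z)")
    left = []                                   # factors applied on the left
    M = A
    while M[1][0] != 0:
        a, c = M[0][0], M[1][0]
        if abs(c) > abs(a):
            M = mat_mul(X, M)
            left.append(('X', 1))
            continue
        q = a // c                              # floor division: |a - q*c| < |c|
        M = mat_mul(X, mat_mul(gen_pow('U', -q), M))
        left += [('U', -q), ('X', 1)]
    s, b = M[0][0], M[0][1]                     # M = (s b; 0 s) with s = +-1
    tail = [('U', b)] if s == 1 else [('X', 2), ('U', -b)]
    # left_k ... left_1 A = M, hence A = left_1^-1 ... left_k^-1 M
    return [(g, -n) for g, n in left] + tail


def to_xy_word(word):
    """Rewrite U^q as (XY)^q, giving a word in the generators X, Y of the
    presentation; negative powers use U^-1 = Y^-1 X^-1 = Y^2 X^3."""
    out = []
    for g, n in word:
        if g == 'X':
            out.append(('X', n % 4))
        elif n >= 0:
            out += [('X', 1), ('Y', 1)] * n
        else:
            out += [('Y', 2), ('X', 3)] * (-n)
    return out


def check_all_small(bound=4):
    """Constructed check over every SL(2, Z) matrix with entries in [-bound, bound]."""
    rng = range(-bound, bound + 1)
    count = 0
    for a in rng:
        for b in rng:
            for c in rng:
                for d in rng:
                    A = ((a, b), (c, d))
                    if det(A) != 1:
                        continue
                    word = decompose(A)
                    if evaluate(word) != A or evaluate(to_xy_word(word)) != A:
                        return False
                    count += 1
    return count > 0
```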
We must now show that

$$X^4 = Y^3 = YX^2Y^{-1}X^{-2} = I$$


form a complete set of defining relations for $\mathrm{SL}(2, \mathbb{Z})$, or that every relation on these
generators is derivable from these. It is straightforward to see that $X$ and $Y$ do satisfy
these relations. Assume then that we have a relation

$$S = X^{e_1}Y^{a_1}X^{e_2}Y^{a_2}\cdots Y^{a_m}X^{e_{m+1}} = I$$

with all $e_i, a_i \in \mathbb{Z}$. Using the set of relations




$$X^4 = Y^3 = YX^2Y^{-1}X^{-2} = I,$$

we may transform $S$ so that

$$S = X^{e_1}Y^{a_1}XY^{a_2}X\cdots Y^{a_m}X^{e_{m+1}}$$

with $e_1, e_{m+1} = 0, 1, 2$ or $3$ and $a_i = 1$ or $2$ for $i = 1, \ldots, m$ and $m \ge 0$. Multiplying by a
suitable power of $X$, we obtain

$$S_1 = Y^{a_1}X\cdots Y^{a_m}X = X^{\alpha}$$

with $m \ge 0$ and $\alpha = 0, 1, 2$ or $3$. Assume that $m \ge 1$, and let

$$S_1 = \begin{pmatrix} a & -b \\ -c & d\end{pmatrix}.$$

We show by induction that

$$a, b, c, d \ge 0,\quad b + c > 0,$$

or

$$a, b, c, d \le 0,\quad b + c < 0.$$

This claim for the entries of $S_1$ is true for

$$YX = \begin{pmatrix} 1 & 0 \\ -1 & 1\end{pmatrix} \quad\text{and}\quad Y^2X = \begin{pmatrix} -1 & 1 \\ 0 & -1\end{pmatrix}.$$

Suppose it is correct for $S_1 = \begin{pmatrix} a_1 & -b_1 \\ -c_1 & d_1\end{pmatrix}$. Then

$$YXS_1 = \begin{pmatrix} a_1 & -b_1 \\ -(a_1 + c_1) & b_1 + d_1\end{pmatrix}$$

and

$$Y^2XS_1 = \begin{pmatrix} -(a_1 + c_1) & b_1 + d_1 \\ c_1 & -d_1\end{pmatrix}.$$

Therefore, the claim is correct for all $S_1$ with $m \ge 1$. This gives a contradiction, for the
entries of $X^{\alpha}$ with $\alpha = 0, 1, 2$ or $3$ do not satisfy the claim. Hence, $m = 0$, and $S$ can be
reduced to a trivial relation by the given set of relations. Therefore, they are a complete
set of defining relations, and the theorem is proved.


Corollary 14.3.11. The modular group $M = \mathrm{PSL}(2, \mathbb{Z})$ has the presentation

$$M = \langle x, y;\ x^2 = y^3 = 1\rangle.$$

Furthermore, $x, y$ can be taken as the linear fractional transformations

$$x : z' = -\frac{1}{z} \quad\text{and}\quad y : z' = -\frac{1}{z + 1}.$$

Proof. The center of $\mathrm{SL}(2, \mathbb{Z})$ is $\pm I$. Since $X^2 = -I$, setting $X^2 = 1$ in the presentation for
$\mathrm{SL}(2, \mathbb{Z})$ gives the presentation for $M$. Writing the projective matrices as linear fractional
transformations gives the second statement.


This corollary says that M is the free product of a cyclic group of order 2 and a cyclic 
group of order 3, a concept we will introduce in Section 14.7. 

We note that there is an elementary alternative proof to Corollary 14.3.11 as far as
showing that $X^2 = Y^3 = 1$ are a complete set of defining relations. As linear fractional
transformations, we have

$$X : z \mapsto -\frac{1}{z},\quad Y : z \mapsto -\frac{1}{z + 1},\quad Y^2 : z \mapsto -\frac{z + 1}{z}.$$

Now let

$$\mathbb{R}^+ = \{x \in \mathbb{R} : x > 0\} \quad\text{and}\quad \mathbb{R}^- = \{x \in \mathbb{R} : x < 0\}.$$

Then

$$X(\mathbb{R}^-) \subset \mathbb{R}^+ \quad\text{and}\quad Y^{\alpha}(\mathbb{R}^+) \subset \mathbb{R}^-,\ \alpha = 1, 2.$$

Let $S \in M$. Using the relations $X^2 = Y^3 = 1$ and a suitable conjugation, we may assume
that either $S = 1$ is a consequence of these relations, or that

$$S = Y^{a_1}XY^{a_2}\cdots XY^{a_m}$$

with $1 \le a_i \le 2$ and $m \ge 1$.

In this second case, if $x \in \mathbb{R}^+$, then $S(x) \in \mathbb{R}^-$; hence, $S \neq 1$.

This type of ping-pong argument can be used in many examples, see [36], [21]
and [31]. As another example, consider the unimodular matrices

$$A = \begin{pmatrix} 0 & 1 \\ -1 & 2\end{pmatrix} \quad\text{and}\quad B = \begin{pmatrix} 0 & -1 \\ 1 & 2\end{pmatrix}.$$

Let $A, B$ denote the corresponding linear fractional transformations in the modular
group $M$. We have

$$A^n = \begin{pmatrix} 1 - n & n \\ -n & 1 + n\end{pmatrix} \quad\text{and}\quad B^n = \begin{pmatrix} 1 - n & -n \\ n & 1 + n\end{pmatrix} \quad\text{for } n \in \mathbb{Z}.$$

In particular, $A$ and $B$ have infinite order. Now

$$A^n(\mathbb{R}^-) \subset \mathbb{R}^+ \quad\text{and}\quad B^n(\mathbb{R}^+) \subset \mathbb{R}^-$$

for all $n \neq 0$. The ping-pong argument used for any element of the type

$$S = A^{n_1}B^{m_1}\cdots A^{n_k}B^{m_k}A^{n_{k+1}}$$

with all $n_i, m_i \neq 0$ and $n_1 + n_{k+1} \neq 0$ shows that $S(x) \in \mathbb{R}^+$ if $x \in \mathbb{R}^-$. It follows that there
are no nontrivial relations on $A$ and $B$; therefore, the subgroup of $M$ generated by $A, B$
must be a free group of rank 2.

To close this section, we present a significant number of theoretical applications of 
the modular group. First, we need the following corollary to Corollary 14.3.11: 


Corollary 14.3.12. Let $M = \langle X, Y;\ X^2 = Y^3 = 1\rangle$ be the modular group. If $A$ is an element
of order 2, then $A$ is conjugate to $X$. If $B$ is an element of order 3, then $B$ is conjugate to
either $Y$ or $Y^2$.


Definition 14.3.13. Let $a, n$ be relatively prime integers with $a \neq 0$, $n \ge 1$. Then $a$ is
a quadratic residue modulo $n$ if there exists an $x \in \mathbb{Z}$ with $x^2 \equiv a \pmod n$; that is,
$a = x^2 + kn$ for some $k \in \mathbb{Z}$.


The following is called Fermat’s two-square theorem. 


Theorem 14.3.14 (Fermat's two-square theorem). Let $n > 0$ be a natural number. Then
$n = a^2 + b^2$ with $(a, b) = 1$ if and only if $-1$ is a quadratic residue modulo $n$.


Proof. Suppose $-1$ is a quadratic residue modulo $n$; then there exists an $x$ such that $x^2 \equiv
-1 \pmod n$, or $x^2 = -1 + mn$. This implies that $-x^2 + mn = 1$, so that there must exist a
projective unimodular matrix

$$A = \pm\begin{pmatrix} x & -n \\ m & -x\end{pmatrix}.$$

It is straightforward that $A^2 = 1$. Therefore, by Corollary 14.3.12, $A$ is conjugate within $M$
to $X$. Now consider conjugates of $X$ within $M$. Let $T = \pm\begin{pmatrix} a & b \\ c & d\end{pmatrix}$. Then

$$T^{-1} = \pm\begin{pmatrix} d & -b \\ -c & a\end{pmatrix}$$

and

$$TXT^{-1} = \pm\begin{pmatrix} a & b \\ c & d\end{pmatrix}\begin{pmatrix} 0 & -1 \\ 1 & 0\end{pmatrix}\begin{pmatrix} d & -b \\ -c & a\end{pmatrix}
 = \pm\begin{pmatrix} bd + ac & -(a^2 + b^2) \\ c^2 + d^2 & -(bd + ac)\end{pmatrix}. \qquad (*)$$

Therefore, any conjugate of $X$ must have the form $(*)$, and thus $A$ also must have the
form $(*)$. Therefore, $n = a^2 + b^2$. Furthermore, $(a, b) = 1$ since in finding the form $(*)$, we
had $ad - bc = 1$.

Conversely, suppose $n = a^2 + b^2$ with $(a, b) = 1$. Then there exist $c, d \in \mathbb{Z}$ with
$ad - bc = 1$; hence, there exists a projective unimodular matrix

$$T = \pm\begin{pmatrix} a & b \\ c & d\end{pmatrix}.$$

Then, by $(*)$,

$$TXT^{-1} = \pm\begin{pmatrix} \alpha & -n \\ \gamma & -\alpha\end{pmatrix} \quad\text{with } \alpha = bd + ac,\ \gamma = c^2 + d^2.$$

This has determinant one, so

$$-\alpha^2 + n\gamma = 1 \implies \alpha^2 = -1 + n\gamma \implies \alpha^2 \equiv -1 \pmod n.$$

Therefore, $-1$ is a quadratic residue modulo $n$.


This type of group theoretical proof can be extended in several directions. Kern-Isberner
and Rosenberger, see [34], considered groups of matrices of the form

$$W = \begin{pmatrix} a & b\sqrt{N} \\ c\sqrt{N} & d\end{pmatrix},\quad a, b, c, d, N \in \mathbb{Z},\ ad - Nbc = 1,$$

or

$$U = \begin{pmatrix} a\sqrt{N} & b \\ c & d\sqrt{N}\end{pmatrix},\quad a, b, c, d, N \in \mathbb{Z},\ Nad - bc = 1.$$

They then proved that if

$$N \in \{1, 2, 4, 5, 6, 8, 9, 10, 12, 13, 16, 18, 22, 25, 28, 37, 58\}$$

and $n \in \mathbb{N}$ with $(n, N) = 1$, then the following hold:

(1) If $-N$ is a quadratic residue modulo $n$ and $n$ is a quadratic residue modulo $N$, then
$n$ can be written as $n = x^2 + Ny^2$ with $x, y \in \mathbb{Z}$.

(2) Conversely, if $n = x^2 + Ny^2$ with $x, y \in \mathbb{Z}$ and $(x, y) = 1$, then $-N$ is a quadratic residue
modulo $n$, and $n$ is a quadratic residue modulo $N$.


The proof of the above results depends on the class number of $\mathbb{Q}(\sqrt{-N})$ (see [34]).

In another direction, Fine [50] and [49] showed that the Fermat two-square property
is actually a property satisfied by many rings $R$. These are called sum of squares rings.
For example, if $p \equiv 3 \pmod 4$, then $\mathbb{Z}_{p^n}$ for $n \ge 1$ is a sum of squares ring.
14.4 Presentations of Subgroups


Given a group presentation $G = \langle X; R\rangle$, it is possible to find a presentation for a subgroup
$H$ of $G$. The procedure to do this is called the Reidemeister-Schreier process and is a
consequence of the explicit version of the Nielsen-Schreier theorem (Theorem 14.2.9).
We give a brief description. A complete description and a verification of its correctness
is found in [37], or in [21].

Let $G$ be a group with the presentation $\langle a_1, \ldots, a_n;\ R_1, \ldots, R_m\rangle$. Let $H$ be a subgroup
of $G$ and $T$ a Schreier system for $G$ modulo $H$, defined analogously as above.


Reidemeister-Schreier process
Let $G, H$ and $T$ be as above. Then $H$ is generated by the set

$$\{S_{t,a_v} : t \in T,\ a_v \in \{a_1, \ldots, a_n\},\ S_{t,a_v} \neq 1\}$$

with a complete set of defining relations given by conjugates of the original relators
rewritten in terms of the subgroup generating set.

To actually rewrite the relators in terms of the new generators, we use a mapping $\tau$
on words on the generators of $G$ called the Reidemeister rewriting process. This map is
defined as follows: If

$$W = a_{i_1}^{e_1}a_{i_2}^{e_2}\cdots a_{i_k}^{e_k} \quad\text{with } e_j = \pm 1 \text{ defines an element of } H,$$

then

$$\tau(W) = S_{t_1,a_{i_1}}^{e_1}S_{t_2,a_{i_2}}^{e_2}\cdots S_{t_k,a_{i_k}}^{e_k},$$

where $t_j$ is the coset representative of the initial segment of $W$ preceding $a_{i_j}$ if $e_j = 1$,
and $t_j$ is the representative of the initial segment of $W$ up to and including $a_{i_j}^{-1}$ if $e_j = -1$.
The complete set of relators rewritten in terms of the subgroup generators is then given
by

$$\{\tau(tR_it^{-1})\} \quad\text{with } t \in T, \text{ where } R_i \text{ runs over all relators in } G.$$


We present two examples; one with a finite group, and then an important example 
with a free group, which shows that a countable free group contains free subgroups of 
arbitrary ranks. 


Example 14.4.1. Let $G = A_4$ be the alternating group on 4 symbols. Then a presentation
for $G$ is

$$G = A_4 = \langle a, b;\ a^2 = b^3 = (ab)^3 = 1\rangle.$$
Let $H = A_4'$ be the commutator subgroup. We use the above method to find a presentation
for $H$. Now

$$G/H = A_4/A_4' = \langle a, b;\ a^2 = b^3 = (ab)^3 = [a, b] = 1\rangle = \langle b;\ b^3 = 1\rangle.$$

Therefore, $|A_4 : A_4'| = 3$. A Schreier system is then $\{1, b, b^2\}$. The generators for $A_4'$ are
then

$$X_1 = S_{1,a} = a,\quad X_2 = S_{b,a} = bab^{-1},\quad X_3 = S_{b^2,a} = b^2ab,$$


whereas the relations are the following:

1. $\tau(aa) = S_{1,a}S_{1,a} = X_1^2$
2. $\tau(baab^{-1}) = X_2^2$
3. $\tau(b^2aab^{-2}) = X_3^2$
4. $\tau(bbb) = 1$
5. $\tau(bbbbb^{-1}) = 1$
6. $\tau(b^2bbbb^{-2}) = 1$
7. $\tau(ababab) = S_{1,a}S_{b,a}S_{b^2,a} = X_1X_2X_3$
8. $\tau(babababb^{-1}) = S_{b,a}S_{b^2,a}S_{1,a} = X_2X_3X_1$
9. $\tau(b^2abababb^{-2}) = S_{b^2,a}S_{1,a}S_{b,a} = X_3X_1X_2$

Therefore, after eliminating redundant relations and using $X_3 = X_1X_2$, we get as a presentation
for $A_4'$

$$\langle X_1, X_2;\ X_1^2 = X_2^2 = (X_1X_2)^2 = 1\rangle.$$
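Example 14.4.1 carried out mechanically, as an added example that is not the book's code: $A_4$ is realised by the constructed permutations $a = (0\,1)(2\,3)$ and $b = (0\,1\,2)$, the commutator subgroup and the coset representatives are found by brute force, and the Schreier generators $S_{t,x}$ and the rewritten relators $\tau(tR_it^{-1})$ are produced by the Reidemeister rewriting process described above. Like the book, it drops the $S_{t,x}$ that equal $1$ in $G$ (such as $S_{b^2,b} = b^3$).

```python
"""Reidemeister-Schreier for H = A_4' in A_4 = <a, b; a^2 = b^3 = (ab)^3 = 1>.
Added example, not the book's code.  A_4 is realised by the constructed
permutations a = (0 1)(2 3) and b = (0 1 2) on {0,1,2,3}, stored as tuples;
p*q means "apply p, then q", so words multiply left to right.  Words are
lists of (generator, +1/-1)."""

E = (0, 1, 2, 3)
GENS = {'a': (1, 0, 3, 2), 'b': (1, 2, 0, 3)}
RELATORS = [[('a', 1)] * 2, [('b', 1)] * 3, [('a', 1), ('b', 1)] * 3]


def mul(p, q):
    return tuple(q[p[i]] for i in range(len(p)))


def inv(p):
    r = [0] * len(p)
    for i, pi in enumerate(p):
        r[pi] = i
    return tuple(r)


def evaluate(word):
    g = E
    for x, e in word:
        g = mul(g, GENS[x] if e == 1 else inv(GENS[x]))
    return g


def free_reduce(word):
    out = []
    for x, e in word:
        if out and out[-1] == (x, -e):
            out.pop()
        else:
            out.append((x, e))
    return out


def word_inverse(word):
    return [(x, -e) for x, e in reversed(word)]


def closure(seed):
    """Subgroup generated by seed (finite, so closing under products suffices)."""
    S = {E} | set(seed)
    while True:
        new = {mul(p, q) for p in S for q in S} - S
        if not new:
            return S
        S |= new


G = closure(GENS.values())                                   # A_4, order 12
H = closure({mul(mul(mul(g, h), inv(g)), inv(h)) for g in G for h in G})  # A_4'
T = [[], [('b', 1)], [('b', 1), ('b', 1)]]                   # Schreier system {1, b, b^2}


def rep(word):
    """Representative in T of the right coset H*(word): word * t^-1 lies in H."""
    g = evaluate(word)
    for t in T:
        if mul(g, inv(evaluate(t))) in H:
            return t
    raise ValueError("T is not a transversal of H")


def schreier_generator(t, x):
    """S_{t,x} = t x (overline{t x})^-1 as a freely reduced word in a, b."""
    tx = t + [(x, 1)]
    return free_reduce(tx + word_inverse(rep(tx)))


# Name the S_{t,x} that are nontrivial in G (the book drops the ones equal to 1,
# such as S_{b^2,b} = b^3): X1 = S_{1,a}, X2 = S_{b,a}, X3 = S_{b^2,a}.
NAMES = {}
for t in T:
    for x in GENS:
        s = schreier_generator(t, x)
        if evaluate(s) != E:
            NAMES[tuple(s)] = 'X%d' % (len(NAMES) + 1)


def rewrite(word):
    """Reidemeister rewriting tau(W) for a word W representing an element of H."""
    if evaluate(word) not in H:
        raise ValueError("W does not lie in H")
    out = []
    for j, (x, e) in enumerate(word):
        t = rep(word[:j] if e == 1 else word[:j + 1])   # initial-segment rule
        s = schreier_generator(t, x)
        if evaluate(s) != E:                             # trivial S_{t,x} dropped
            out.append(NAMES[tuple(s)] + ('' if e == 1 else '^-1'))
    return ' '.join(out)


def rewritten_relators():
    """tau(t R t^-1) for each relator R and each t in T, in the book's order."""
    return [rewrite(t + R + word_inverse(t)) for R in RELATORS for t in T]
```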


Example 14.4.2. Let $F = \langle x, y;\rangle$ be the free group of rank 2. Let $H$ be the commutator
subgroup. Then

$$F/H = \langle x, y;\ [x, y] = 1\rangle \cong \mathbb{Z} \times \mathbb{Z},$$

a free Abelian group of rank 2. It follows that $H$ has infinite index in $F$. As Schreier coset
representatives, we can take

$$\{x^my^n : m, n \in \mathbb{Z}\}.$$

The corresponding Schreier generators for $H$ are

$$S_{x^my^n,\,x} = x^my^nxy^{-n}x^{-m-1},\quad m, n \in \mathbb{Z},\ n \neq 0,$$

while every $S_{x^my^n,\,y}$ is trivial. The relations are only trivial; therefore, $H$ is free on the countably infinitely many generators
above. It follows that a free group of rank 2 contains as a subgroup a free group
of countably infinite rank. Since a free group of countably infinite rank contains as subgroups
free groups of all finite ranks, it follows that a free group of rank 2 contains as a
subgroup a free subgroup of any arbitrary finite rank.




Theorem 14.4.3. Let $F$ be free of rank 2. Then the commutator subgroup $F'$ is free of countably
infinite rank. In particular, a free group of rank 2 contains as a subgroup a free group
of any finite rank $n$.

Corollary 14.4.4. Let $n, m$ be any pair of positive integers $n, m \ge 2$ and $F_n, F_m$ free groups
of ranks $n, m$, respectively. Then $F_n$ can be embedded into $F_m$, and $F_m$ can be embedded
into $F_n$.


14.5 Geometric Interpretation 


Combinatorial group theory has its origins in topology and complex analysis. Especially 
important in the development is the theory of the fundamental group. This connection 
is so deep that many people consider combinatorial group theory as the study of the 
fundamental group—especially the fundamental group of a low-dimensional complex. 
This connection proceeds in both directions. The fundamental group provides methods 
and insights to study the topology. In the other direction, the topology can be used to 
study the groups. 

Recall that if $X$ is a topological space, then its fundamental group based at a point
$x_0$, denoted by $\pi(X, x_0)$, is the group of all homotopy classes of closed paths at $x_0$. If $X$
is path-connected, then the fundamental groups at different points are all isomorphic,
and we can speak of the fundamental group of $X$, which we will denote by $\pi(X)$. Historically,
group presentations were developed to handle the fundamental groups of spaces,
which allowed simplicial or cellular decompositions. In these cases, the presentation 
of the fundamental group can be read off from the combinatorial decomposition of the 
space. 

An (abstract) simplicial complex or cell complex K is a topological space consisting 
of a set of points called the vertices, which we will denote by V(K), and collections of 
subsets of vertices called simplexes or cells, which have the property that the intersection
of any two simplices is again a simplex. If $n$ is the number of vertices in a cell, then
$n - 1$ is called its dimension. Hence, the set of vertices are the 0-dimensional cells, and
a simplex $\{v_1, \ldots, v_n\}$ is an $(n - 1)$-dimensional cell. The 1-dimensional cells are called
edges. These have the form {u, v}, where u and v are vertices. One should think of the 
cells in a geometric manner so that the edges are really edges, the 2-cells are filled trian- 
gles (which are equivalent to disks), and so on. The maximum dimension of any cell ina 
complex K is called the dimension of K. From now on, we will assume that our simplicial 
complexes are path-connected. 

A graph $\Gamma$ is just a 1-dimensional simplicial complex. Hence, $\Gamma$ consists of just vertices
and edges. If K is any complex, then the set of vertices and edges is called the 1-skeleton 
of K. Similarly, all the cells of dimension less than or equal to 2 comprise the 2-skeleton. 
A connected graph with no closed paths in it is called a tree. If K is any complex, then a 
maximal tree in K is a tree that can be contained in no other tree within K. 
From the viewpoint of combinatorial group theory, what is relevant is that if $K$ is
a complex, then a presentation of its fundamental group can be determined from its
2-skeleton and read off directly. In particular, the following holds:


Theorem 14.5.1. Suppose that $K$ is a connected cell complex. Suppose that $T$ is a maximal
tree within the 1-skeleton of $K$. Then a presentation for $\pi(K)$ can be determined in the
following manner:
Generators: all edges outside of the maximal tree $T$.
Relations: (a) $\{u, v\} = 1$ if $\{u, v\}$ is an edge in $T$.
(b) $\{u, v\}\{v, w\} = \{u, w\}$ if $u, v, w$ lie in a simplex of $K$.


From this the following is obvious: 


Corollary 14.5.2. The fundamental group of a connected graph is free. Furthermore, its 
rank is the number of edges outside a maximal tree. 


A connected graph is homotopic to a wedge or bouquet of circles. If there are n 
circles in a bouquet of circles, then the fundamental group is free of rank n. The converse 
is also true. A free group can be realized as the fundamental group of a wedge of circles. 

An important concept in applying combinatorial group theory is that of a covering 
complex. 


Definition 14.5.3. Suppose that $K$ is a complex. Then a complex $K_1$ is a covering complex
for $K$ if there exists a surjection $p : K_1 \to K$ called a covering map with the property that
for any cell $s \in K$ the inverse image $p^{-1}(s)$ is a union of pairwise disjoint cells in $K_1$, and
$p$ restricted to any of the preimage cells is a homeomorphism.

That is, for each simplex $S$ in $K$, we have

$$p^{-1}(S) = \bigcup_i S_i$$

and $p : S_i \to S$ is a bijection for each $i$.


The following then becomes clear: 


Lemma 14.5.4. If $K_1$ is a connected covering complex for $K$, then $K_1$ and $K$ have the same
dimension.


What is crucial in using covering complexes to study the fundamental group is that 
there is a Galois theory of covering complexes and maps. The covering map p induces a 
homomorphism of the fundamental group, which we will also call p. Then we have the 
following: 


Theorem 14.5.5. Let $K_1$ be a covering complex of $K$ with covering map $p$. Then $p(\pi(K_1))$ is
a subgroup of $\pi(K)$. Conversely, to each subgroup $H$ of $\pi(K)$, there is a covering complex
$K_1$ with $\pi(K_1) \cong H$. Hence, there is a one-to-one correspondence between subgroups of the
fundamental group of a complex $K$ and covers of $K$.
We will see the analog of this theorem in regard to algebraic field extensions in
Chapter 15.

A topological space $X$ is simply connected if $\pi(X) = \{1\}$. Hence, the covering complex
of $K$ corresponding to the identity in $\pi(K)$ is simply connected. This is called the
universal cover of $K$ since it covers any other cover of $K$.

Based on Theorem 14.5.1, we get a very simple proof of the Nielsen-Schreier theo- 
rem. 


Theorem 14.5.6 (Nielsen-Schreier). Any subgroup of a free group is free. 


Proof. Let $F$ be a free group. Then $F = \pi(K)$, where $K$ is a connected graph. Let $H$ be a
subgroup of $F$. Then $H$ corresponds to a cover $K_1$ of $K$. But a cover is also 1-dimensional;
hence, $H = \pi(K_1)$, where $K_1$ is a connected graph. Therefore, $H$ is also free.


The fact that a presentation of a fundamental group of a simplicial complex is determined
by its 2-skeleton goes in the other direction also. That is, given an arbitrary
presentation, there exists a 2-dimensional complex whose fundamental group has that
presentation. Essentially, given a presentation $\langle X; R\rangle$, we consider a wedge of circles
with cardinality $|X|$. We then paste on a 2-cell for each relator $W$ in $R$ bounded by the
path corresponding to the word $W$.


Theorem 14.5.7. Given an arbitrary presentation $\langle X; R\rangle$, there exists a connected 2-complex
$K$ with $\pi(K) = \langle X; R\rangle$.


We note that the books by Rotman, see [43], and Fine, Moldenhauer, Rosenberger, 
and Wienke, see [26], have significantly detailed and accessible descriptions of groups 
and complexes. Cayley, and then Dehn, introduced for each group G a graph, now called 
Cayley graph, as a tool to apply complexes to the study of G. The Cayley graph is actually 
tied to a presentation, and not to the group itself. Gromov reversed the procedure and 
showed that by considering the geometry of the Cayley graph, one could get information 
about the group. This led to the development of the theory of hyperbolic groups. 

In the following, we need a special kind of generating systems for finitely presented 
groups G = (X;R). Let S c G be a generating system for G. Then S is called a valid 
generating system if it has the following two properties: 

(a) 1¢S where 1 is the neutral element of G. 
(b) the set Sis a symmetric generating system, that is, if y ¢ S thenalso y‘ € S. 


In the following, the pair $(G, S)$ denotes a finitely presented group $G$ together with a valid 
generating system $S$. Given such a pair we define a metric on $G$ with respect to $S$ in the 
following way. Let $(G, S)$ be a pair as above. Then define $l_S : G \to [0, \infty)$ as follows: If 
$y \in G$, then $l_S(y) = 0$ if $y = 1$, and if $y \neq 1$ then let $l_S(y)$ be the minimal length of a word 
that is completely constructed of elements from $S$ and represents $y$. This length is also 
called the $S$-length. 

We now define the desired metric $d_S : G \times G \to [0, \infty)$ via $d_S(y_1, y_2) = l_S(y_1^{-1} y_2)$ and 
check that $d_S$ is indeed a metric: 

1. The equivalence $l_S(y) = 0$ if and only if $y = 1$ implies the equivalence $d_S(y_1, y_2) = 0$ 
   if and only if $y_1 = y_2$. 

2. We have $d_S(y_1, y_2) = l_S(y_1^{-1} y_2) = l_S(y_2^{-1} y_1) = d_S(y_2, y_1)$, because $S$ is symmetric. 

3. We have $d_S(y_1, y_2) \le d_S(y_1, \beta) + d_S(\beta, y_2)$ for all $y_1, y_2, \beta \in G$, as 
   $y_1^{-1} y_2 = y_1^{-1}\beta\,\beta^{-1} y_2$. 


We give the following remarks. 

1. The metric structure on $(G, S)$ depends on the choice of $S$. Say $G = \mathbb{Z}$ and $S = \{\pm 1\}$, 
   then $d_S(0, 1) = 1$, and if $S' = \{\pm 2, \pm 3\}$, then $d_{S'}(0, 1) = 2$. 

2. The metric structure on $(G, S)$ is induced by the natural metric structure of the Cayley 
   graph with respect to $(G, S)$: 

   The vertices are the elements of $G$, and two vertices $y_1$ and $y_2$ are connected by an edge 
   if and only if there exists a $\sigma \in S$ with $y_1\sigma = y_2$. Since $y_1 = y_2\sigma^{-1}$ we get in fact a 
   directed graph called the Cayley graph with respect to $(G, S)$. 

   If we parametrize in such a way that any edge of the Cayley graph of $(G, S)$ has length 
   1, then the metric of $(G, S)$ is induced from that of the Cayley graph of $(G, S)$. Here 
   we extend the metric for the Cayley graph in the usual way to all pairs of points on 
   edges by identifying any edge with an interval of length 1. In this manner the Cayley 
   graph becomes a geodesic metric space. We always consider the Cayley graph in 
   this way, which should not lead to misunderstandings. Any closed path represents 
   a relation. If $G = (X; R)$ is finitely presented with $1 \notin X$, then we may consider 
   $S = X \cup X^{-1}$ and may call $(G, S)$ the Cayley graph of $G$ without misunderstandings. 
   If we insert a 2-cell for any closed path in the Cayley graph, then we obtain a simply 
   connected 2-dimensional complex, the Cayley complex. 


The construction of the Cayley graph depends on the choice of $S$, as does the metric 
on $(G, S)$. We would like to have an equivalence relation that allows us to relate the 
different metric spaces for $G$ when we alter $S$. 


Definition 14.5.8. Let $(X, d)$ and $(X', d')$ be metric spaces. Then $(X, d)$ and $(X', d')$ are 
quasi-isometric if there are functions $f : X \to X'$ and $g : X' \to X$ together with constants 
$A > 0$ and $C \ge 0$, such that 

(a) $d'(f(x), f(y)) \le A\,d(x, y) + C$ for all $x, y \in X$, 

(b) $d(g(x'), g(y')) \le A\,d'(x', y') + C$ for all $x', y' \in X'$, 

(c) $d(g(f(x)), x) \le C$ for all $x \in X$, and 

(d) $d'(f(g(x')), x') \le C$ for all $x' \in X'$. 


Theorem 14.5.9. Quasi-isometry is an equivalence relation in the class of metric spaces. 


Proof. Of course quasi-isometry is reflexive and symmetric. We show transitivity. Let 
$(X, d)$ and $(X', d')$ as well as $(X', d')$ and $(X'', d'')$ be quasi-isometric. Thus we have functions 
$f : X \to X'$, $g : X' \to X$, $f' : X' \to X''$, $g' : X'' \to X'$ and constants $A, C$ and $A', C'$ respectively, 
such that the conditions (a)-(d) are satisfied. We look for functions $f'' : X \to X''$, $g'' : X'' \to X$ 
and constants $A'', C''$ such that conditions (a)-(d) are satisfied again. Set $f'' = f' \circ f$ and 
$g'' = g \circ g'$, $A'' = AA'$ and 

$$C'' = 2C + 2C' + A'C + AC'.$$

We check the conditions step by step: 

(a) Let $x, y \in X$. Then 

$$d''(f''(x), f''(y)) = d''(f'(f(x)), f'(f(y))) \le A'\,d'(f(x), f(y)) + C' \le A'(A\,d(x, y) + C) + C' = A'A\,d(x, y) + A'C + C' \le A''\,d(x, y) + C''.$$

(b) This is analogous. 

(c) Let $x \in X$. Then (according to our assumption) 

$$d'(g'(f'(f(x))), f(x)) \le C'$$

and hence, because of (b), 

$$d(g(g'(f'(f(x)))), g(f(x))) \le AC' + C,$$

which gives 

$$d(g''(f''(x)), x) \le d(g''(f''(x)), g(f(x))) + d(g(f(x)), x) \le (AC' + C) + C = AC' + 2C \le C''.$$

(d) This is analogous. 


Theorem 14.5.10. Let $G$ be a finitely presented group with finite valid generating 
systems $S$ and $S'$. Then the metric spaces $(G, S)$ and $(G, S')$ are quasi-isometric. 


Proof. We look for suitable $f, g, A$, and $C$. Take $f = \mathrm{id}_{(G, S)}$, $g = \mathrm{id}_{(G, S')}$, $C = 0$, and 

$$A = \max\big(\{l_{S'}(y) : y \in S\} \cup \{l_S(y') : y' \in S'\}\big).$$

We verify condition (a). Let $x, y \in (G, S)$. Then 

$$d_{S'}(f(x), f(y)) = l_{S'}(f(x)^{-1} f(y)) = l_{S'}(x^{-1} y).$$

Our definition of $A$ permits $l_{S'}(x^{-1} y) \le A\,l_S(x^{-1} y)$ because, if we write $x^{-1} y$ as a product 
of elements of $S$ with length $k$, then we can surely write $x^{-1} y$ as a product (of elements 
of $S'$) of length $\le Ak$. Hence 

$$d_{S'}(f(x), f(y)) \le A\,l_S(x^{-1} y) = A\,d_S(x, y) + C.$$

The proof of (b) is analogous, and that of (c) and (d) is obvious because $f$ and $g$ are 
inverses of each other. 


We observe: The quasi-isometry class of the metric spaces for $(G, S)$, $S$ finite, is an 
invariant of the group $G$ and does not depend on the finite generating set $S$. 

We ask: Is this invariant suitable for studying group theoretical properties of $G$, 
and to what extent does quasi-isometry preserve group theoretic properties? 

We call two finitely presented groups $G_1$ and $G_2$ quasi-isometric if the metric spaces 
for $(G_1, S_1)$, $S_1$ a valid generating set for $G_1$, and $(G_2, S_2)$, $S_2$ a valid generating set for $G_2$, 
are quasi-isometric. 
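As an added example (our code, not the book's) illustrating Remark 1 above and the constant $A$ in the proof of Theorem 14.5.10: a breadth-first search over the Cayley graph of $G = \mathbb{Z}$ computes the $S$-length and the word metric for the two generating systems $S = \{\pm 1\}$ and $S' = \{\pm 2, \pm 3\}$, and checks condition (a) with $C = 0$ on a finite window of group elements. The function names and the window size are our own choices.

```python
from collections import deque
from functools import lru_cache

# Constructed example: the group Z (written additively, neutral element 0)
# with the two finite valid generating systems of Remark 1.
S = (1, -1)
S_PRIME = (2, -2, 3, -3)


def is_valid_generating_system(gens, neutral=0):
    """Properties (a) and (b) of a valid generating system:
    the neutral element is excluded and the set is symmetric (y in S => -y in S)."""
    return neutral not in gens and all(-g in gens for g in gens)


@lru_cache(maxsize=None)
def s_length(y, gens, bound=10_000):
    """l_S(y): the minimal number of generators whose sum is y, found by BFS on the
    Cayley graph (vertices: integers; edges: y -> y + s for s in gens).  l_S(0) = 0.
    `bound` stops the search if gens do not generate Z (e.g. only even generators)."""
    if y == 0:
        return 0
    seen = {0}
    frontier = deque([(0, 0)])          # (group element, distance from 0)
    while frontier:
        g, dist = frontier.popleft()
        for s in gens:
            h = g + s
            if h == y:
                return dist + 1
            if h not in seen and abs(h) <= bound:
                seen.add(h)
                frontier.append((h, dist + 1))
    raise ValueError("y is not reachable: gens do not generate Z within bound")


def d_S(y1, y2, gens):
    """d_S(y1, y2) = l_S(y1^{-1} y2); in additive notation y1^{-1} y2 = y2 - y1."""
    return s_length(y2 - y1, gens)


def quasi_isometry_constant(gens_a, gens_b):
    """A = max({l_{S'}(y) : y in S} U {l_S(y') : y' in S'}) from the proof of Theorem 14.5.10."""
    return max([s_length(y, gens_b) for y in gens_a] + [s_length(y, gens_a) for y in gens_b])


def check_condition_a(gens_a, gens_b, A, window=20):
    """Verify d_{S'}(x, y) <= A * d_S(x, y) (i.e. condition (a) with C = 0)
    for all pairs x, y in [-window, window]."""
    return all(d_S(x, y, gens_b) <= A * d_S(x, y, gens_a)
               for x in range(-window, window + 1)
               for y in range(-window, window + 1))


if __name__ == "__main__":
    print("d_S(0,1)  =", d_S(0, 1, S))            # 1
    print("d_S'(0,1) =", d_S(0, 1, S_PRIME))      # 2, since 1 = 3 - 2
    A = quasi_isometry_constant(S, S_PRIME)
    print("A =", A, "condition (a) holds:", check_condition_a(S, S_PRIME, A))
```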

Aiming at the motivation of hyperbolic groups, we first have to describe a hyperbolic 
metric space. 


Definition 14.5.11. Let $(X, d)$ be a metric space. 

1. Let $x_0, x_1 \in X$ with $a = d(x_0, x_1)$. A geodesic segment in $X$ starting at $x_0$ and ending in 
   $x_1$ is an isometry $g : [0, a] \to X$ with $g(0) = x_0$ and $g(a) = x_1$ (recall that an isometry is 
   by definition length preserving). We say that $X$ is a geodesic space if for all $x_0, x_1 \in X$ 
   there is a geodesic segment in $X$ starting at $x_0$ and ending at $x_1$. 

2. A geodesic triangle in $X$ with $x, y, z \in X$ as vertices is the union of three geodesic 
   segments with (pairwise) $x$, $y$ and $z$ as end points. 


Note that the definition explicitly allows degenerate triangles; for instance, take 
$y = z$ with the geodesic segments from $x$ to $y$ and from $x$ to $z$ different. 

An example of a geodesic space is the Cayley graph of a finitely presented group. If 
the Cayley graph is not a tree, then it contains a circle (or embedded loop). Hence, there 
is more than one geodesic segment allowed between the same pair of points. 

We fix the following notation: Let $x_0, x_1 \in X$ for a geodesic space $X$. Although several 
geodesic segments in $X$ with start point $x_0$ and end point $x_1$ are allowed, we denote by 
$[x_0, x_1]$ a given geodesic segment with $x_0$ and $x_1$ as start and end points. 


Definition 14.5.12. Let $\delta \ge 0$. We say that a geodesic space $X$ satisfies the Rips condition 
for the constant $\delta$ if for every geodesic triangle $[x, y] \cup [y, z] \cup [z, x]$ in $X$ and for every 
$u \in [x, y]$ the following holds: $d(u, [y, z] \cup [z, x]) \le \delta$, see Figure 14.1. We call a geodesic 
space $X$ hyperbolic if it satisfies the Rips condition for some constant $\delta \ge 0$. 


Figure 14.1: Geodesic triangle (with vertices $x$, $y$, $z$). 
Theorem 14.5.13. Let $X_1$ and $X_2$ be geodesic spaces that are quasi-isometric. If $X_1$ is 
hyperbolic, then also $X_2$ is hyperbolic. 


A proof is given in [26]. Hence, quasi-isometries respect hyperbolicity. 


Definition 14.5.14. Let $\Gamma$ be a group of finite type. $\Gamma$ is called a hyperbolic group if there is 
a finite generating system $S$ such that the metric space for $(\Gamma, S)$ (or, equivalently, the Cayley graph 
for $(\Gamma, S)$) is a hyperbolic space. 


According to Theorem 14.5.13, the definition of a hyperbolic group is independent of 
the choice of the finite generating system $S$. 


Theorem 14.5.15. 1. Let $G_1$ be a subgroup of a hyperbolic group $G_2$ with finite index. 
Then $G_1$ is also hyperbolic. 

2. Let $1 \to A \to G_1 \to G_2 \to 1$ be a short exact sequence with $A$ finite and $G_1$ hyperbolic, 
that is, $G_2 = G_1/A$. Then $G_2$ is also hyperbolic. 


A proof is given in [26]. Hyperbolic groups have many other important properties 
(see, for instance, [26]). We end this section with a collection of examples of hyperbolic 
groups. 


Example 14.5.16. The following groups are hyperbolic. For proofs see [26]. 

1. Finite groups and infinite cyclic groups. 

2. Fundamental groups of compact, connected Riemann manifolds. Especially, co-
compact Fuchsian and Kleinian groups. 

3. One-relator groups with torsion. 

4. Free products of finitely many hyperbolic groups, see Section 14.8. 

5. A group $G$ of F-type is a group with a presentation 

$$G = \langle a_1, \dots, a_n;\ a_1^{r_1} = \cdots = a_n^{r_n} = u(a_1, \dots, a_p)\,v(a_{p+1}, \dots, a_n) = 1 \rangle$$

where $n \ge 2$, $r_i = 0$ or $r_i \ge 2$, $1 \le p \le n-1$, $u(a_1, \dots, a_p)$ is a cyclically reduced word 
in the free product on $a_1, \dots, a_p$ which is of infinite order, and $v(a_{p+1}, \dots, a_n)$ is a 
cyclically reduced word in the free product on $a_{p+1}, \dots, a_n$ which is of infinite order 
(see Section 14.8). The group $G$ is hyperbolic unless $u(a_1, \dots, a_p)$ is a proper power 
or a product of two elements of order 2 and $v(a_{p+1}, \dots, a_n)$ also is a proper power or 
a product of two elements of order 2. 

Especially, free groups of finite rank, oriented surface groups of genus $g \ge 2$ 
and nonoriented surface groups of genus $g \ge 3$ are of F-type. We remark that 
a group of F-type is hyperbolic if and only if it has a faithful representation in 
$\mathrm{PSL}(2, \mathbb{R})$. 




14.6 Presentations of Factor Groups 


Let $G$ be a group with a presentation $G = (X; R)$. Suppose that $H$ is a factor group of $G$; 
that is, $H = G/N$ for some normal subgroup $N$ of $G$. We show that a presentation for $H$ 
is then $H = (X; R \cup R_1)$, where $R_1$ is a system of additional relators (possibly empty). 


Theorem 14.6.1 (Dyck's theorem). Let $G = (X; R)$, and suppose that $H = G/N$, where $N$ is 
a normal subgroup of $G$. Then a presentation for $H$ is $(X; R \cup R_1)$ for some set of words $R_1$ 
on $X$. Conversely, the presentation $(X; R \cup R_1)$ defines a group that is a factor group of $G$. 


Proof. Since each element of $H$ is a coset of $N$, it has the form $gN$ for some $g \in G$. It is clear 
then that the images of $X$ generate $H$. Furthermore, since $H$ is a homomorphic image of 
$G$, each relator in $R$ is a relator in $H$. Let $N_1$ be a set of elements that generate $N$, and 
let $R_1$ be the corresponding words in the free group on $X$. Then $R_1$ is an additional set of 
relators in $H$. Hence, $R \cup R_1$ is a set of relators for $H$. Any relator in $H$ is either a relator 
in $G$, hence a consequence of $R$, or can be realized as an element of $G$ that lies in $N$, and 
therefore a consequence of $R_1$. Therefore, $R \cup R_1$ is a complete set of defining relators for 
$H$, and $H$ has the presentation $H = (X; R \cup R_1)$. 

Conversely, let $G = (X; R)$ and $G_1 = (X; R \cup R_1)$. Then $G = F(X)/N_1$, where $N_1 = N(R)$, and 
$G_1 = F(X)/N_2$, where $N_2 = N(R \cup R_1)$. Hence, $N_1 \subset N_2$. The normal subgroup $N_2/N_1$ of 
$F(X)/N_1$ corresponds to a normal subgroup $H$ of $G$, and therefore by the isomorphism 
theorem 

$$G/H \cong (F(X)/N_1)/(N_2/N_1) \cong F(X)/N_2 = G_1.$$


14.7 Decision Problems 


We have seen that given any group $G$, there exists a presentation for it, $G = (X; R)$. In 
the other direction, given any presentation $(X; R)$, we have seen that there is a group 
with that presentation. In principle, every question about a group can be answered via 
a presentation. However, things are not that simple. Max Dehn in his pioneering work 
on combinatorial group theory about 1910 introduced the following three fundamental 
group decision problems: 

(1) Word Problem: Suppose G is a group given by a finite presentation. Is there an algo- 
rithm to determine if an arbitrary word w in the generators of G defines the identity 
element of G? 

(2) Conjugacy Problem: Suppose G is a group given by a finite presentation. Is there 
an algorithm to determine if an arbitrary pair of words u, v in the generators of G 
define conjugate elements of G? 

(3) Isomorphism Problem: Is there an algorithm to determine, given two arbitrary finite 
presentations, whether the groups they present are isomorphic or not? 
All three of these problems have negative answers in general. That is, for each of these 
problems one can find a finite presentation, for which these questions cannot be an- 
swered algorithmically (see [36]). Attempts for solutions, and for solutions in restricted 
cases, have been of central importance in combinatorial group theory. For this reason 
combinatorial group theory has always searched for and studied classes of groups, in 
which these decision problems are solvable. 

For finitely generated free groups, there are simple and elegant solutions to all three 
problems. If $F$ is a free group on $x_1, \dots, x_n$ and $W$ is a freely reduced word in $x_1, \dots, x_n$, 
then $W \neq 1$ if and only if $L(W) \ge 1$, for $L(W)$ the length of $W$. Since freely reducing 
any word to a freely reduced word is algorithmic, this provides a solution to the word 
problem. Furthermore, a freely reduced word $W = x_{v_1}^{e_1} x_{v_2}^{e_2} \cdots x_{v_k}^{e_k}$ is cyclically reduced if 
$v_1 \neq v_k$, or if $v_1 = v_k$, then $e_1 \neq -e_k$. Clearly then, every element of a free group is 
conjugate to an element given by a cyclically reduced word, called a cyclic reduction. 
This leads to a solution to the conjugacy problem. Suppose $V$ and $W$ are two words in 
the generators of $F$, and $V_0$, $W_0$ are their respective cyclic reductions. Then $V$ is conjugate to $W$ 
if and only if $V_0$ is a cyclic permutation of $W_0$. Finally, two finitely generated free groups 
are isomorphic if and only if they have the same rank. 
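The solutions of the word and conjugacy problems for a free group described above, as an added example (our code, not the book's): a word in $x_1, \dots, x_n$ is encoded as a list of nonzero integers, $+i$ for $x_i$ and $-i$ for $x_i^{-1}$; free reduction is done with a stack, cyclic reduction strips matching outer letters, and conjugacy is decided by comparing cyclic reductions up to cyclic permutation.

```python
# Words in the free group F on x_1, ..., x_n: lists of nonzero ints,
# +i encodes x_i and -i encodes x_i^{-1}.  (Constructed encoding, not the book's.)

def free_reduce(word):
    """Delete adjacent pairs x_i^{e} x_i^{-e} until none remain.
    A stack does this in one left-to-right pass: a letter cancels the top of the
    stack exactly when it is the inverse of that letter."""
    stack = []
    for letter in word:
        if stack and stack[-1] == -letter:
            stack.pop()
        else:
            stack.append(letter)
    return stack


def length(word):
    """L(W) for the freely reduced form of W."""
    return len(free_reduce(word))


def is_identity(word):
    """Word problem: W = 1 in F if and only if its freely reduced form has length 0."""
    return length(word) == 0


def cyclic_reduce(word):
    """Cyclic reduction: the reduced word x_{v_1}^{e_1} ... x_{v_k}^{e_k} is cyclically
    reduced unless v_1 = v_k and e_1 = -e_k; in that case conjugating by the first
    letter removes both ends, and we repeat."""
    w = free_reduce(word)
    while len(w) >= 2 and w[0] == -w[-1]:
        w = w[1:-1]
    return w


def is_cyclic_permutation(u, v):
    """True if v is obtained from u by moving a prefix of u to its end."""
    if len(u) != len(v):
        return False
    if not u:
        return True
    return any(u[i:] + u[:i] == v for i in range(len(u)))


def are_conjugate(v, w):
    """Conjugacy problem: V ~ W in F if and only if the cyclic reductions of V and W
    are cyclic permutations of each other."""
    return is_cyclic_permutation(cyclic_reduce(v), cyclic_reduce(w))


def inverse(word):
    """W^{-1}: reverse the letters and invert each one."""
    return [-letter for letter in reversed(word)]


def conjugate(word, by):
    """Return the freely reduced form of by * word * by^{-1}."""
    return free_reduce(by + word + inverse(by))


if __name__ == "__main__":
    w = [1, 2, 3]                                   # x_1 x_2 x_3
    c = conjugate(w, [2, -1, 3])                    # (x_2 x_1^{-1} x_3) w (...)^{-1}
    print("is_identity(x_1 x_2 x_2^-1 x_1^-1) =", is_identity([1, 2, -2, -1]))
    print("conjugate of w:", c, "-> conjugate to w:", are_conjugate(c, w))
```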


14.8 Group Amalgams: Free Products and Direct Products 


Closely related to free groups in both form and properties are free products of groups. 
Let $A = \langle a_1, \dots;\ R_1, \dots \rangle$ and $B = \langle b_1, \dots;\ S_1, \dots \rangle$ be two groups. We consider $A$ and $B$ to be 
disjoint. Then we have the following: 


Definition 14.8.1. The free product of $A$ and $B$, denoted by $A * B$, is the group $G$ with 
the presentation $\langle a_1, \dots, b_1, \dots;\ R_1, \dots, S_1, \dots \rangle$; that is, the generators of $G$ consist of the 
disjoint union of the generators of $A$ and $B$ with relators taken as the disjoint union of 
the relators $R_i$ of $A$ and $S_j$ of $B$. $A$ and $B$ are called the factors of $G$. 


In an analogous manner, the concept of a free product can be extended to an arbi- 
trary collection of groups. 


Definition 14.8.2. If $A_\alpha = \langle \mathrm{gens}\,A_\alpha;\ \mathrm{rels}\,A_\alpha \rangle$, $\alpha \in I$, is a collection of groups, then their 
free product $G = *A_\alpha$ is the group whose generators consist of the disjoint union of the 
generators of the $A_\alpha$, and whose relators are the disjoint union of the relators of the $A_\alpha$. 


Free products exist and are nontrivial. In that regard, we have the following: 


Theorem 14.8.3. Let $G = A * B$. Then the maps $A \to G$ and $B \to G$ are injections. The 
subgroup of $G$ generated by the generators of $A$ has the presentation $\langle$generators of $A$; 
relators of $A\rangle$, that is, it is isomorphic to $A$. Similarly for $B$. Thus, $A$ and $B$ can be considered 
as subgroups of $G$. In particular, $A * B$ is nontrivial if $A$ and $B$ are. 
Free products share many properties with free groups. First of all, there is a categorical 
formulation of free products. Specifically, we have the following: 


Theorem 14.8.4. A group $G$ is the free product of its subgroups $A$ and $B$ if $A$ and $B$ generate 
$G$, and given homomorphisms $f_1 : A \to H$, $f_2 : B \to H$ into a group $H$, there exists a unique 
homomorphism $f : G \to H$ extending $f_1$ and $f_2$. 


Secondly, each element of a free product has a normal form related to the reduced 
words of free groups. If $G = A * B$, then a reduced sequence or reduced word in $G$ is a 
sequence $g_1 g_2 \cdots g_n$, $n \ge 0$, with $g_i \neq 1$, each $g_i$ in either $A$ or $B$, and $g_i, g_{i+1}$ not both in the 
same factor. Then the following holds: 


Theorem 14.8.5. Each element g € G = A * B has a unique representation as a reduced 
sequence. The length n is unique and is called the syllable length. The casen = 0 is reserved 
for the identity. 


A reduced word $g_1 \cdots g_n \in G = A * B$ is called cyclically reduced if either $n \le 1$ or 
$n \ge 2$ and $g_1$ and $g_n$ are from different factors. Certainly, every element of $G$ is conjugate 
to a cyclically reduced word. 

From this, we obtain several important properties of free products, which are anal- 
ogous to properties in free groups. 


Theorem 14.8.6. An element of finite order in a free product is conjugate to an element of 
finite order in a factor. In particular, a finite subgroup of a free product is entirely contained 
in a conjugate of a factor. 


Theorem 14.8.7. If two elements of a free product commute, then they are both powers 
of a single element or are contained in a conjugate of an Abelian subgroup of a factor. 


Finally, a theorem of Kurosh extends the Nielsen—Schreier theorem to free products. 


Theorem 14.8.8 (Kurosh). A subgroup of a free product is also a free product. Explicitly, 
if $G = A * B$ and $H \subset G$, then 

$$H = F * (*A_\alpha) * (*B_\beta),$$

where $F$ is a free group, $(*A_\alpha)$ is a free product of conjugates of subgroups of $A$, and $(*B_\beta)$ 
is a free product of conjugates of subgroups of $B$. 


We note that the rank of F and the number of the other factors can be computed. 
A complete discussion of these is in [37], [36] and [21]. 

If $A$ and $B$ are disjoint groups, then we now have two types of products forming new 
groups out of them: the free product and the direct product. In both these products, the 
original factors inject. In the free product, there are no relations between elements of $A$ 
and elements of $B$, whereas in a direct product, each element of $A$ commutes with each 
element of $B$. If $a \in A$ and $b \in B$, a cross commutator is $[a, b] = aba^{-1}b^{-1}$. The direct 
product is a factor group of the free product, and the kernel is precisely the normal 
subgroup generated by all the cross commutators. 


Theorem 14.8.9. Suppose that $A$ and $B$ are disjoint groups. Then 

$$A \times B \cong (A * B)/H,$$

where $H$ is the normal closure in $A * B$ of all the cross commutators. In particular, a 
presentation for $A \times B$ is given by 

$$A \times B = \langle \mathrm{gens}\,A,\ \mathrm{gens}\,B;\ \mathrm{rels}\,A,\ \mathrm{rels}\,B,\ [a, b] \text{ for all } a \in A,\ b \in B \rangle.$$


This coincides with the concept in Section 10.3. 


14.9 Exercises 


1. Let $X^{-1}$ be a set disjoint from $X$, but bijective to $X$. A word in $X$ is a finite sequence 
   of letters from the alphabet $X \cup X^{-1}$. That is, a word has the form 

   $$w = x_{i_1}^{\epsilon_{i_1}} x_{i_2}^{\epsilon_{i_2}} \cdots x_{i_k}^{\epsilon_{i_k}},$$

   where $x_{i_j} \in X$ and $\epsilon_{i_j} = \pm 1$. Let $W(X)$ be the set of all words on $X$. 
   If $w_1, w_2 \in W(X)$, we say that $w_1$ is equivalent to $w_2$, denoted by $w_1 \sim w_2$, if $w_1$ can be 
   converted to $w_2$ by a finite string of insertions and deletions of trivial words. Verify 
   that this is an equivalence relation on $W(X)$. 

2. In $F(X)$, let $N(X)$ be the subgroup generated by all squares in $F(X)$; that is, 

   $$N(X) = \langle \{g^2 : g \in F(X)\} \rangle.$$

   Show that $N(X)$ is a normal subgroup, and that the factor group $F(X)/N(X)$ is 
   Abelian, where every nontrivial element has order 2. 

3. Show that a free group $F$ is torsion-free. 

4. Let $F$ be a free group, and $a, b \in F$. Show: If $a^k = b^k$, $k \neq 0$, then $a = b$. 

5. Let $F = \langle a, b;\ \rangle$ be a free group with basis $\{a, b\}$. Let $c_i = a^{-i} b a^{i}$, $i \in \mathbb{Z}$. Show that 
   then $G = \langle c_i, i \in \mathbb{Z} \rangle$ is free with basis $\{c_i \mid i \in \mathbb{Z}\}$. 

6. Show that $\langle x, y;\ xy,\ x^2 y^3 \rangle = \langle x;\ x \rangle = \{1\}$. 

7. Let $G = \langle v_1, \dots, v_n;\ v_1^2 \cdots v_n^2 \rangle$, $n \ge 1$, and $\alpha : G \to \mathbb{Z}_2$ be the epimorphism with 
   $\alpha(v_i) = -1$ for all $i$. Let $U$ be the kernel of $\alpha$. Show that then $U$ has a presentation 

U = (Xe Xp Yas Vn" Yn1Xn Va Xana = YX 

8. Let $M = \langle x, y;\ x^2, y^3 \rangle \cong \mathrm{PSL}(2, \mathbb{Z})$ be the modular group. Let $M'$ be the commutator 
   subgroup. Show that $M'$ is a free group of rank 2 with a basis $\{[x, y], [x, y^2]\}$. 


15 Finite Galois Extensions 


15.1 Galois Theory and the Solvability of Polynomial Equations 


As we mentioned in Chapter 1, one of the origins of abstract algebra was the problem 
of trying to determine a formula for finding the solutions in terms of radicals of a fifth 
degree polynomial. It was proved first by Ruffini in 1800 and then by Abel that, in 
general, it is impossible to find a formula in terms of radicals for such a solution. In 
1820, Galois extended this and showed that such a formula is impossible for any degree 
five or greater. In proving this, he laid the groundwork for much of the development 
of modern abstract algebra, especially field theory and finite group theory. One of the 
goals of this book has been to present a comprehensive treatment of Galois theory and 
a proof of the results mentioned above. At this point, we have covered enough general 
algebra and group theory to discuss Galois extensions and general Galois theory. 

In modern terms, Galois theory is that branch of mathematics, which deals with the 
interplay of the algebraic theory of fields, the theory of equations, and finite group the- 
ory. This theory was introduced by Evariste Galois about 1830 in his study of the insolv- 
ability by radicals of quintic (degree 5) polynomials, a result proved somewhat earlier 
by Ruffini, and independently by Abel. Galois was the first to see the close connection 
between field extensions and permutation groups. In doing so, he initiated the study of 
finite groups. He was the first to use the term group as an abstract concept, although his 
definition was really just for a closed set of permutations. 

The method Galois developed not only facilitated the proof of the insolvability of the 
quintic and higher powers, but led to other applications, and to a much larger theory. 

The main idea of Galois theory is to associate to certain special types of algebraic 
field extensions called Galois extensions, a group called the Galois group. The properties 
of the field extension will be reflected in the properties of the group, which are some- 
what easier to examine. Thus, for example, solvability by radicals can be translated into 
solvability of groups, which was discussed in Chapter 12. Showing that for every poly- 
nomial of degree five or greater, there exists a field extension whose Galois group is not 
solvable proves that there cannot be a general formula for solvability by radicals. 

The tie-in to the theory of equations is as follows: If $f(x) = 0$ is a polynomial equation 
over some field $K$, we can form the splitting field of $f(x)$ over $K$. This is usually a Galois extension, 
and therefore has a Galois group called the Galois group of the equation. As before, prop- 
erties of this group will reflect properties of this equation. 


15.2 Automorphism Groups of Field Extensions 


To define the Galois group, we must first consider the automorphism group of a field ex- 
tension. In this section, $K, L, M$ will always be (commutative) fields with additive iden- 
tity 0 and multiplicative identity 1. 
Definition 15.2.1. Let $L|K$ be a field extension. Then the set 

$$\mathrm{Aut}(L|K) = \{\alpha \in \mathrm{Aut}(L) : \alpha = \text{the identity on } K\}$$

is called the set of automorphisms of $L$ over $K$. Notice that if $\alpha \in \mathrm{Aut}(L|K)$, then $\alpha(k) = k$ 
for all $k \in K$. 


Lemma 15.2.2. Let $L|K$ be a field extension. Then $\mathrm{Aut}(L|K)$ forms a group called the Galois 
group of $L|K$. 


Proof. $\mathrm{Aut}(L|K) \subset \mathrm{Aut}(L)$. Hence, to show that $\mathrm{Aut}(L|K)$ is a group, we only have to show 
that it is a subgroup of $\mathrm{Aut}(L)$. Now the identity map on $L$ is certainly the identity map on 
$K$, so $1 \in \mathrm{Aut}(L|K)$; hence, $\mathrm{Aut}(L|K)$ is nonempty. If $\alpha, \beta \in \mathrm{Aut}(L|K)$, then consider $\alpha^{-1}\beta$. 
If $k \in K$, then $\beta(k) = k$, and $\alpha(k) = k$, so $\alpha^{-1}(k) = k$. 

Therefore, $\alpha^{-1}\beta(k) = k$ for all $k \in K$, and hence $\alpha^{-1}\beta \in \mathrm{Aut}(L|K)$. It follows that 
$\mathrm{Aut}(L|K)$ is a subgroup of $\mathrm{Aut}(L)$, and therefore a group. 


If f(x) € K[x] \ K and L is the splitting field of f(x) over K, then Aut(L|K) is also 
called the Galois group of f(x). 


Theorem 15.2.3. If P is the prime field of L, then Aut(L|P) = Aut(L). 


Proof. We must show that any automorphism of $L$ restricts to the identity on the prime field $P$. Now 
if $\alpha \in \mathrm{Aut}(L)$, then $\alpha(1) = 1$, and so $\alpha(n \cdot 1) = n \cdot 1$. Therefore, in $P$, $\alpha$ fixes all integer 
multiples of the identity. However, every element of $P$ can be written as a quotient $\frac{m \cdot 1}{n \cdot 1}$ of 
integer multiples of the identity. Since $\alpha$ is a field homomorphism and $\alpha$ fixes both the 
top and the bottom, it follows that $\alpha$ will fix every element of this form, and hence fix 
each element of $P$. 


For splitting fields, the Galois group is a permutation group on the zeros of the defin- 
ing polynomial. 


Theorem 15.2.4. Let $f(x) \in K[x]$ and $L$ the splitting field of $f(x)$ over $K$. Suppose that $f(x)$ 
has zeros $\alpha_1, \dots, \alpha_n \in L$. 

(a) Then each $\varphi \in \mathrm{Aut}(L|K)$ is a permutation on the zeros. In particular, $\mathrm{Aut}(L|K)$ is 
isomorphic to a subgroup of $S_n$, and each $\varphi$ is uniquely determined by its action on the zeros of $f(x)$. 

(b) If $f(x)$ is irreducible, then $\mathrm{Aut}(L|K)$ operates transitively on $\{\alpha_1, \dots, \alpha_n\}$. Hence, for 
each $i, j$, there is a $\varphi \in \mathrm{Aut}(L|K)$ such that $\varphi(\alpha_i) = \alpha_j$. 

(c) If $f(x) = b(x - \alpha_1) \cdots (x - \alpha_n)$ with $\alpha_1, \dots, \alpha_n$ pairwise distinct and $\mathrm{Aut}(L|K)$ operates 
transitively on $\alpha_1, \dots, \alpha_n$, then $f(x)$ is irreducible. 


Proof. For the proofs, we use the results of Chapter 8. 

For (a), let $\varphi \in \mathrm{Aut}(L|K)$. Then, from Theorem 8.1.5, we obtain that $\varphi$ permutes the 
zeros $\alpha_1, \dots, \alpha_n$. Hence, $\varphi|_{\{\alpha_1, \dots, \alpha_n\}} \in S_n$. This map then defines a homomorphism 

$$\tau : \mathrm{Aut}(L|K) \to S_n \quad\text{by}\quad \tau(\varphi) = \varphi|_{\{\alpha_1, \dots, \alpha_n\}}.$$

Furthermore, $\varphi$ is uniquely determined by the images $\varphi(\alpha_i)$. It follows that $\tau$ is a 
monomorphism. 

We now prove (b). If $f(x)$ is irreducible, then $\mathrm{Aut}(L|K)$ operates transitively on the 
set $\{\alpha_1, \dots, \alpha_n\}$, again following from Theorem 8.1.5. 

Finally, for (c), suppose that $f(x) = b(x - \alpha_1) \cdots (x - \alpha_n)$ with $\alpha_1, \dots, \alpha_n$ distinct and 
that $\mathrm{Aut}(L|K)$ operates transitively on $\alpha_1, \dots, \alpha_n$. Now, assume that $f(x) = g(x)h(x)$ with 
$g(x), h(x) \in K[x] \setminus K$. Without loss of generality, let $\alpha_1$ be a zero of $g(x)$ and $\alpha_n$ be a zero 
of $h(x)$. 

Let $\sigma \in \mathrm{Aut}(L|K)$ with $\sigma(\alpha_1) = \alpha_n$. However, $\sigma(g(x)) = g(x)$; that is, $\sigma(\alpha_1)$ is a zero of 
$\sigma(g(x)) = g(x)$, which gives a contradiction since $\alpha_n$ is not a zero of $g(x)$. Therefore, $f(x)$ 
must be irreducible. 


Example 15.2.5. Let $f(x) = (x^2 - 2)(x^2 - 3) \in \mathbb{Q}[x]$. The field $L = \mathbb{Q}(\sqrt{2}, \sqrt{3})$ is the splitting 
field of $f(x)$. 
Over $L$, we have 

$$f(x) = (x + \sqrt{2})(x - \sqrt{2})(x + \sqrt{3})(x - \sqrt{3}).$$

We want to determine the Galois group $\mathrm{Aut}(L|\mathbb{Q}) = \mathrm{Aut}(L) = G$. 

Lemma 15.2.6. The Galois group $G$ above is the Klein 4-group. 


Proof. First, we show that $|\mathrm{Aut}(L)| \le 4$. Let $\alpha \in \mathrm{Aut}(L)$. Then $\alpha$ is uniquely determined 
by $\alpha(\sqrt{2})$ and $\alpha(\sqrt{3})$, and 

$$\alpha(2) = 2 = \alpha\big((\sqrt{2})^2\big) = \alpha(\sqrt{2})^2.$$

Hence, $\alpha(\sqrt{2}) = \pm\sqrt{2}$. Analogously, $\alpha(\sqrt{3}) = \pm\sqrt{3}$. From this it follows that $|\mathrm{Aut}(L)| \le 4$. 
Furthermore, $\alpha^2 = 1$ for any $\alpha \in G$. 

Next we show that the polynomial $g(x) = x^2 - 3$ is irreducible over $K = \mathbb{Q}(\sqrt{2})$. 
Assume that $x^2 - 3$ were reducible over $K$. Then $\sqrt{3} \in K$. This implies that $\sqrt{3} = \frac{a}{b} + \frac{c}{d}\sqrt{2}$ 
with $a, b, c, d \in \mathbb{Z}$ and $b \neq 0 \neq d$, and $\gcd(c, d) = 1$. Then $bd\sqrt{3} = ad + bc\sqrt{2}$, hence 
$3b^2d^2 = a^2d^2 + 2b^2c^2 + 2\sqrt{2}\,adbc$. Since $bd \neq 0$, this implies that we must have $ac = 0$. 
If $c = 0$, then $\sqrt{3} = \frac{a}{b} \in \mathbb{Q}$, a contradiction. If $a = 0$, then $\sqrt{3} = \frac{c}{d}\sqrt{2}$, which implies 
$3d^2 = 2c^2$. It follows from this that $3 \mid \gcd(c, d) = 1$, again a contradiction. 

Hence $g(x) = x^2 - 3$ is irreducible over $K = \mathbb{Q}(\sqrt{2})$. 

Since $L$ is the splitting field of $g(x)$ over $K$ and $g(x)$ is irreducible over $K$, there exists 
an automorphism $\alpha \in \mathrm{Aut}(L)$ with $\alpha(\sqrt{3}) = -\sqrt{3}$ and $\alpha|_K = \mathrm{id}_K$; that is, $\alpha(\sqrt{2}) = \sqrt{2}$. 
Analogously, there is a $\beta \in \mathrm{Aut}(L)$ with $\beta(\sqrt{2}) = -\sqrt{2}$ and $\beta(\sqrt{3}) = \sqrt{3}$. 

Clearly, $\alpha \neq \beta$, $\alpha\beta = \beta\alpha$ and $\alpha \neq \alpha\beta \neq \beta$. It follows that $\mathrm{Aut}(L) = \{1, \alpha, \beta, \alpha\beta\}$, completing 
the proof. 
15.3 Finite Galois Extensions 


We now define (finite) Galois extensions. First, we introduce the concept of a fix field. 
Let $K$ be a field and $G$ a subgroup of $\mathrm{Aut}(K)$. Define the set 

$$\mathrm{Fix}(K, G) = \{k \in K : g(k) = k \text{ for all } g \in G\}.$$


Theorem 15.3.1. For a $G \subset \mathrm{Aut}(K)$, the set $\mathrm{Fix}(K, G)$ is a subfield of $K$, called the fix field 
of $G$ over $K$. 


Proof. $1 \in K$ is in $\mathrm{Fix}(K, G)$, so $\mathrm{Fix}(K, G)$ is not empty. Let $k_1, k_2 \in \mathrm{Fix}(K, G)$, and let $g \in G$. 
Then $g(k_1 + k_2) = g(k_1) + g(k_2)$ since $g$ is an automorphism. 

Then $g(k_1) + g(k_2) = k_1 + k_2$, and it follows that $k_1 + k_2 \in \mathrm{Fix}(K, G)$. In an analogous 
manner, $k_1 k_2^{-1} \in \mathrm{Fix}(K, G)$ if $k_2 \neq 0$; therefore, $\mathrm{Fix}(K, G)$ is a subfield of $K$. 


Using the concept of a fix field, we define a finite Galois extension. 


Definition 15.3.2. The extension $L|K$ is a (finite) Galois extension if there exists a finite 
subgroup $G \subset \mathrm{Aut}(L)$ such that $K = \mathrm{Fix}(L, G)$. 


We now give some examples of finite Galois extensions: 

Lemma 15.3.3. Let $L = \mathbb{Q}(\sqrt{2}, \sqrt{3})$ and $K = \mathbb{Q}$. Then $L|K$ is a Galois extension. 


Proof. Let $G = \mathrm{Aut}(L|K)$. From the example in the previous section, there are automorphisms 
$\alpha, \beta \in G$ with 

$$\alpha(\sqrt{3}) = -\sqrt{3},\quad \alpha(\sqrt{2}) = \sqrt{2} \qquad\text{and}\qquad \beta(\sqrt{2}) = -\sqrt{2},\quad \beta(\sqrt{3}) = \sqrt{3}.$$

We have 

$$\mathbb{Q}(\sqrt{2}, \sqrt{3}) = \{c + d\sqrt{3} : c, d \in \mathbb{Q}(\sqrt{2})\}.$$

Let $t = a_1 + b_1\sqrt{2} + (a_2 + b_2\sqrt{2})\sqrt{3} \in \mathrm{Fix}(L, G)$. 
Then applying $\beta$, we have 

$$t = \beta(t) = a_1 - b_1\sqrt{2} + (a_2 - b_2\sqrt{2})\sqrt{3}.$$

It follows that $b_1 + b_2\sqrt{3} = 0$; that is, $b_1 = b_2 = 0$ since $\sqrt{3} \notin \mathbb{Q}$. Therefore, $t = a_1 + a_2\sqrt{3}$. 
Applying $\alpha$, we have $\alpha(t) = a_1 - a_2\sqrt{3}$, and hence $a_2 = 0$. Therefore, $t = a_1 \in \mathbb{Q}$. Hence 
$\mathbb{Q} = \mathrm{Fix}(L, G)$, and $L|K$ is a Galois extension. 
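Added example (our code, not the book's) working Example 15.2.5, Lemma 15.2.6 and Lemma 15.3.3 in exact rational arithmetic: an element of $L = \mathbb{Q}(\sqrt{2}, \sqrt{3})$ is stored by its coordinates in the basis $\{1, \sqrt{2}, \sqrt{3}, \sqrt{6}\}$, $\alpha$ and $\beta$ are the automorphisms of Lemma 15.2.6, and the fix field of a subgroup is read off from the basis elements it fixes. It goes slightly beyond Lemma 15.3.3 by also listing $\mathrm{Fix}(L, \langle\alpha\rangle)$, $\mathrm{Fix}(L, \langle\beta\rangle)$ and $\mathrm{Fix}(L, \langle\alpha\beta\rangle)$. The sample set used for comparisons is our own construction.

```python
from fractions import Fraction

# An element a + b*sqrt2 + c*sqrt3 + d*sqrt6 of L = Q(sqrt2, sqrt3) is the tuple (a, b, c, d)
# of rationals; {1, sqrt2, sqrt3, sqrt6} is a Q-basis of L.  (Constructed representation.)

def make(a, b=0, c=0, d=0):
    return tuple(Fraction(v) for v in (a, b, c, d))

ONE, SQRT2, SQRT3, SQRT6 = make(1), make(0, 1), make(0, 0, 1), make(0, 0, 0, 1)
BASIS = (("1", ONE), ("sqrt2", SQRT2), ("sqrt3", SQRT3), ("sqrt6", SQRT6))


def add(u, v):
    return tuple(x + y for x, y in zip(u, v))


def mul(u, v):
    """Multiply using sqrt2^2 = 2, sqrt3^2 = 3, sqrt6^2 = 6, sqrt2*sqrt3 = sqrt6,
    sqrt2*sqrt6 = 2*sqrt3 and sqrt3*sqrt6 = 3*sqrt2."""
    a, b, c, d = u
    e, f, g, h = v
    return (a*e + 2*b*f + 3*c*g + 6*d*h,      # coefficient of 1
            a*f + b*e + 3*c*h + 3*d*g,        # coefficient of sqrt2
            a*g + c*e + 2*b*h + 2*d*f,        # coefficient of sqrt3
            a*h + d*e + b*g + c*f)            # coefficient of sqrt6


def alpha(t):
    """alpha: sqrt2 -> sqrt2, sqrt3 -> -sqrt3 (hence sqrt6 -> -sqrt6), as in Lemma 15.2.6."""
    a, b, c, d = t
    return (a, b, -c, -d)


def beta(t):
    """beta: sqrt2 -> -sqrt2, sqrt3 -> sqrt3 (hence sqrt6 -> -sqrt6)."""
    a, b, c, d = t
    return (a, -b, c, -d)


def identity(t):
    return t


def compose(f, g):
    return lambda t: f(g(t))


# Constructed sample of elements with every coordinate pattern present; two maps that
# are Q-linear agree on L exactly when they agree on such a spanning set.
SAMPLES = [make(a, b, c, d) for a in (0, 1) for b in (0, 1, -2)
           for c in (0, 3) for d in (0, Fraction(1, 2))]


def same_map(f, g):
    return all(f(t) == g(t) for t in SAMPLES)


def is_automorphism(phi):
    """phi respects + and * on the samples and fixes 1, hence (being Q-linear) all of Q."""
    return phi(ONE) == ONE and all(
        phi(add(u, v)) == add(phi(u), phi(v)) and phi(mul(u, v)) == mul(phi(u), phi(v))
        for u in SAMPLES for v in SAMPLES)


def galois_group():
    """G = {1, alpha, beta, alpha*beta}.  Returns the list of maps and whether it is a
    Klein 4-group: four distinct maps with alpha^2 = beta^2 = 1 and alpha*beta = beta*alpha."""
    ab = compose(alpha, beta)
    elems = [identity, alpha, beta, ab]
    distinct = all(not same_map(elems[i], elems[j]) for i in range(4) for j in range(i + 1, 4))
    klein = (same_map(compose(alpha, alpha), identity)
             and same_map(compose(beta, beta), identity)
             and same_map(ab, compose(beta, alpha)))
    return elems, distinct and klein


def is_fixed_by(t, maps):
    return all(phi(t) == t for phi in maps)


def fixed_basis(maps):
    """Names of the basis elements fixed by every map in `maps`; since alpha and beta act
    diagonally on the basis, these span Fix(L, <maps>)."""
    return tuple(name for name, e in BASIS if is_fixed_by(e, maps))


def fix_field_is_Q(maps):
    """Lemma 15.3.3: t is fixed by all of G iff its sqrt2, sqrt3, sqrt6 coordinates vanish."""
    return all(is_fixed_by(t, maps) == (t[1] == t[2] == t[3] == 0) for t in SAMPLES)


if __name__ == "__main__":
    print("G is Klein 4-group:", galois_group()[1])
    for name, maps in (("<alpha>", [alpha]), ("<beta>", [beta]),
                       ("<alpha*beta>", [compose(alpha, beta)]), ("G", [alpha, beta])):
        print("Fix(L,", name, ") is spanned by", fixed_basis(maps))
```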


Lemma 15.3.4. Let $L = \mathbb{Q}(2^{1/4})$ and $K = \mathbb{Q}$. Then $L|K$ is not a Galois extension. 


Proof. Suppose that $\alpha \in \mathrm{Aut}(L)$ and $a = 2^{1/4}$. Then $a$ is a zero of $x^4 - 2$, and hence 
$\alpha(a) = 2^{1/4}$, or $\alpha(a) = i\,2^{1/4} \notin L$ since $i \notin L$, or $\alpha(a) = -2^{1/4}$, or $\alpha(a) = -i\,2^{1/4} \notin L$ 
since $i \notin L$. In particular, $\alpha(\sqrt{2}) = \alpha(a)^2 = \sqrt{2}$; therefore, 

$$\mathrm{Fix}(L, \mathrm{Aut}(L)) = \mathbb{Q}(\sqrt{2}) \neq \mathbb{Q}.$$
15.4 The Fundamental Theorem of Galois Theory 


We now state the fundamental theorem of Galois theory. This theorem describes the 
interplay between the Galois group and Galois extensions. In particular, the result ties 
together subgroups of the Galois group and intermediate fields between L and K. 


Theorem 15.4.1 (Fundamental theorem of Galois theory). Let $L|K$ be a Galois extension 
with Galois group $G = \mathrm{Aut}(L|K)$. For each intermediate field $E$, let $\tau(E)$ be the subgroup 
of $G$ fixing $E$. Then the following hold: 
(1) $\tau$ is a bijection between intermediate fields containing $K$ and subgroups of $G$. 
(2) $L|K$ is a finite extension, and if $M$ is an intermediate field, then $|L : M| = |\mathrm{Aut}(L|M)|$ 
and $|M : K| = |\mathrm{Aut}(L|K) : \mathrm{Aut}(L|M)|$. 
(3) If $M$ is an intermediate field, then the following hold: 
(a) $L|M$ is always a Galois extension. 
(b) $M|K$ is a Galois extension if and only if $\mathrm{Aut}(L|M)$ is a normal subgroup of 
$\mathrm{Aut}(L|K)$. 
(4) If $M$ is an intermediate field and $M|K$ is a Galois extension, we have the following: 
(a) $\alpha(M) = M$ for all $\alpha \in \mathrm{Aut}(L|K)$. 
(b) The map $\varphi : \mathrm{Aut}(L|K) \to \mathrm{Aut}(M|K)$ with $\varphi(\alpha) = \alpha|_M = \beta$ is an epimorphism. 
(c) $\mathrm{Aut}(M|K) \cong \mathrm{Aut}(L|K)/\mathrm{Aut}(L|M)$. 
(5) The lattice of subfields of $L$ containing $K$ is the inverted lattice of subgroups of 
$\mathrm{Aut}(L|K)$. 


We will prove this main result via a series of theorems, and then combine them all. 


Theorem 15.4.2. Let $G$ be a group, $K$ a field, and $\alpha_1, \dots, \alpha_n$ pairwise distinct group 
homomorphisms from $G$ to $K^*$, the multiplicative group of $K$. Then $\alpha_1, \dots, \alpha_n$ are linearly 
independent elements of the $K$-vector space of all maps from $G$ to $K$. 


Proof. We use induction on $n$. If $n = 1$ and $k\alpha_1 = 0$ with $k \in K$, then $0 = k\alpha_1(1) = k \cdot 1$, 
and hence $k = 0$. Now suppose that $n \ge 2$, and suppose that any $n - 1$ of the $\alpha_1, \dots, \alpha_n$ 
are linearly independent over $K$. If 

$$\sum_{i=1}^{n} k_i \alpha_i = 0, \quad k_i \in K, \qquad (*)$$

then we must show that all $k_i = 0$. Since $\alpha_1 \neq \alpha_n$, there exists an $a \in G$ such that $\alpha_1(a) \neq 
\alpha_n(a)$. Let $g \in G$ and apply the sum above to $ag$. We get 

$$\sum_{i=1}^{n} k_i\,\alpha_i(a)\,\alpha_i(g) = 0. \qquad (**)$$

Now multiply equation $(*)$, evaluated at $g$, by $\alpha_n(a) \in K$ to get 

$$\sum_{i=1}^{n} k_i\,\alpha_n(a)\,\alpha_i(g) = 0. \qquad (***)$$

If we subtract equation $(***)$ from equation $(**)$, then the last term vanishes and we 
have an equation in the $n - 1$ homomorphisms $\alpha_1, \dots, \alpha_{n-1}$. Since these are linearly 
independent, we obtain 

$$k_1\,\alpha_1(a) - k_1\,\alpha_n(a) = 0$$

for the coefficient of $\alpha_1$. Since $\alpha_1(a) \neq \alpha_n(a)$, we must have $k_1 = 0$. Now $\alpha_2, \dots, \alpha_n$ are 
by assumption linearly independent, so $k_2 = \cdots = k_n = 0$ also. Hence, all the coefficients 
must be zero, and therefore the mappings are independent. 


Theorem 15.4.3. Let a,,..., a, be pairwise distinct monomorphisms from the field K into 
the field K’. Let 


L={k €K : a,(k) =a,(k) =---=a,(k)}. 


Then L is a subfield of K with |L: K| =n. 


Proof. Certainly $L$ is a field. Assume that $r = |K : L| < n$, and let $\{a_1, \dots, a_r\}$ be a basis of the $L$-vector space $K$. We consider the following system of linear equations with $r$ equations and $n$ unknowns:

$$(\alpha_1(a_1))x_1 + \cdots + (\alpha_n(a_1))x_n = 0$$
$$\vdots$$
$$(\alpha_1(a_r))x_1 + \cdots + (\alpha_n(a_r))x_n = 0.$$

Since $r < n$, there exists a nontrivial solution $(x_1, \dots, x_n) \in (K')^n$. Let $a \in K$. Then

$$a = \sum_{j=1}^{r} l_j a_j \quad\text{with } l_j \in L.$$

From the definition of $L$, we have $\alpha_1(l_j) = \alpha_i(l_j)$ for $i = 2, \dots, n$. Then with our nontrivial solution $(x_1, \dots, x_n)$, we have

$$\sum_{i=1}^{n} x_i(\alpha_i(a)) = \sum_{i=1}^{n} x_i \Big( \sum_{j=1}^{r} \alpha_i(l_j)\,\alpha_i(a_j) \Big) = \sum_{j=1}^{r} (\alpha_1(l_j)) \sum_{i=1}^{n} x_i(\alpha_i(a_j)) = 0$$

since $\alpha_1(l_j) = \alpha_i(l_j)$ for $i = 2, \dots, n$. This holds for all $a \in K$, and hence $\sum_{i=1}^{n} x_i \alpha_i = 0$, contradicting Theorem 15.4.2. Therefore, our assumption that $|K : L| < n$ must be false, and hence $|K : L| \ge n$.
Definition 15.4.4. Let $K$ be a field and $G$ a finite subgroup of $\mathrm{Aut}(K)$. The map $\mathrm{tr}_G : K \to K$, given by

$$\mathrm{tr}_G(k) = \sum_{\alpha \in G} \alpha(k),$$

is called the $G$-trace of $K$.


Theorem 15.4.5. Let $K$ be a field and $G$ a finite subgroup of $\mathrm{Aut}(K)$. Then
$$\{0\} \ne \mathrm{tr}_G(K) \subset \mathrm{Fix}(K, G).$$

Proof. Let $\beta \in G$. Then

$$\beta(\mathrm{tr}_G(k)) = \sum_{\alpha \in G} \beta\alpha(k) = \sum_{\alpha \in G} \alpha(k) = \mathrm{tr}_G(k).$$

Therefore, $\mathrm{tr}_G(K) \subset \mathrm{Fix}(K, G)$.

Now assume that $\mathrm{tr}_G(k) = 0$ for all $k \in K$. Then $\sum_{\alpha \in G} \alpha(k) = 0$ for all $k \in K$. It follows that $\sum_{\alpha \in G} \alpha$ is the zero map; hence, the set of all $\alpha \in G$ is linearly dependent as elements of the $K$-vector space of all maps from $K$ to $K$. This contradicts Theorem 15.4.2, and hence the trace cannot be the zero map.


Theorem 15.4.6. Let $K$ be a field and $G$ a finite subgroup of $\mathrm{Aut}(K)$. Then
$$|K : \mathrm{Fix}(K, G)| = |G|.$$

Proof. Let $L = \mathrm{Fix}(K, G)$, and suppose that $|G| = n$. From Theorem 15.4.3, we know that $|K : L| \ge n$. We must show that $|K : L| \le n$.

Suppose that $G = \{\alpha_1, \dots, \alpha_n\}$. To prove the result, we show that if $m > n$ and $a_1, \dots, a_m \in K$, then $a_1, \dots, a_m$ are linearly dependent over $L$.

We consider the system of equations

$$(\alpha_1^{-1}(a_1))x_1 + \cdots + (\alpha_1^{-1}(a_m))x_m = 0$$
$$\vdots$$
$$(\alpha_n^{-1}(a_1))x_1 + \cdots + (\alpha_n^{-1}(a_m))x_m = 0.$$

Since $m > n$, there exists a nontrivial solution $(y_1, \dots, y_m) \in K^m$. Suppose that $y_1 \ne 0$. Using Theorem 15.4.5, we can choose $k \in K$ with $\mathrm{tr}_G(k) \ne 0$. Define

$$(x_1, \dots, x_m) = k y_1^{-1} (y_1, \dots, y_m).$$

This $m$-tuple $(x_1, \dots, x_m)$ is then also a nontrivial solution of the system of equations considered above. Then we have $\mathrm{tr}_G(x_1) = \mathrm{tr}_G(k)$ since $x_1 = k$. Now we apply $\alpha_i$ to the $i$-th equation to obtain

$$a_1(\alpha_1(x_1)) + \cdots + a_m(\alpha_1(x_m)) = 0$$
$$\vdots$$
$$a_1(\alpha_n(x_1)) + \cdots + a_m(\alpha_n(x_m)) = 0.$$

Summation leads to

$$a_1\,\mathrm{tr}_G(x_1) + \cdots + a_m\,\mathrm{tr}_G(x_m) = 0$$

by definition of the $G$-trace. Hence, $a_1, \dots, a_m$ are linearly dependent over $L$ since $\mathrm{tr}_G(x_1) \ne 0$. Therefore, $|K : L| \le n$. Combining this with Theorem 15.4.3, we get that $|K : L| = n = |G|$.


Theorem 15.4.7. Let $K$ be a field and $G$ a finite subgroup of $\mathrm{Aut}(K)$. Then
$$\mathrm{Aut}(K|\mathrm{Fix}(K, G)) = G.$$

Proof. We have $G \subset \mathrm{Aut}(K|\mathrm{Fix}(K, G))$, since if $g \in G$, then $g \in \mathrm{Aut}(K)$, and $g$ fixes $\mathrm{Fix}(K, G)$ by definition. Therefore, we must show that $\mathrm{Aut}(K|\mathrm{Fix}(K, G)) \subset G$.

Assume then that there exists an $\alpha \in \mathrm{Aut}(K|\mathrm{Fix}(K, G))$ with $\alpha \notin G$. Suppose, as in the previous proof, $|G| = n$ and $G = \{\alpha_1, \dots, \alpha_n\}$ with $\alpha_1 = 1$. Now

$$\mathrm{Fix}(K, G) = \{a \in K : a = \alpha_2(a) = \cdots = \alpha_n(a)\}$$
$$= \{a \in K : \alpha(a) = a = \alpha_2(a) = \cdots = \alpha_n(a)\}.$$

From Theorem 15.4.3, we have that $|K : \mathrm{Fix}(K, G)| \ge n + 1$. However, from Theorem 15.4.6, $|K : \mathrm{Fix}(K, G)| = n$, giving a contradiction.


Suppose that $L|K$ is a Galois extension. We now establish that the map $\tau$ between intermediate fields $K \subset E \subset L$ and subgroups of $\mathrm{Aut}(L|K)$ is a bijection.


Theorem 15.4.8. Let $L|K$ be a Galois extension. Then we have the following:
(1) $\mathrm{Aut}(L|K)$ is finite and
$$\mathrm{Fix}(L, \mathrm{Aut}(L|K)) = K.$$
(2) If $H \subset \mathrm{Aut}(L|K)$ is a subgroup, then
$$\mathrm{Aut}(L|\mathrm{Fix}(L, H)) = H.$$

Proof. If $L|K$ is a Galois extension, there exists a finite subgroup $G$ of $\mathrm{Aut}(L)$ with $K = \mathrm{Fix}(L, G)$. From Theorem 15.4.7, we have $G = \mathrm{Aut}(L|K)$. In particular, $\mathrm{Aut}(L|K)$ is finite, and $K = \mathrm{Fix}(L, \mathrm{Aut}(L|K))$.

Now, let $H \subset \mathrm{Aut}(L|K)$. From the first part, $H$ is finite, and then $\mathrm{Aut}(L|\mathrm{Fix}(L, H)) = H$ from Theorem 15.4.7.


Theorem 15.4.9. Let $L|K$ be a field extension. Then the following are equivalent:
(1) $L|K$ is a Galois extension.

(2) $|L : K| = |\mathrm{Aut}(L|K)| < \infty$.

(3) $|\mathrm{Aut}(L|K)| < \infty$, and $K = \mathrm{Fix}(L, \mathrm{Aut}(L|K))$.


Proof. (1) $\Rightarrow$ (2): From Theorem 15.4.8, $|\mathrm{Aut}(L|K)| < \infty$, and $\mathrm{Fix}(L, \mathrm{Aut}(L|K)) = K$. Therefore, from Theorem 15.4.6, $|L : K| = |\mathrm{Aut}(L|K)|$.

(2) $\Rightarrow$ (3): Let $G = \mathrm{Aut}(L|K)$. Then $K \subset \mathrm{Fix}(L, G) \subset L$. From Theorem 15.4.6, we have

$$|L : \mathrm{Fix}(L, G)| = |G| = |L : K|,$$

and hence $\mathrm{Fix}(L, G) = K$.

(3) $\Rightarrow$ (1) follows directly from the definition, completing the proof.


We now show that if L|K is a Galois extension, then L|M is also a Galois extension 
for any intermediate field M. 


Theorem 15.4.10. Let $L|K$ be a Galois extension and $K \subset M \subset L$ be an intermediate field. Then $L|M$ is always a Galois extension, and

$$|M : K| = |\mathrm{Aut}(L|K) : \mathrm{Aut}(L|M)|.$$

Proof. Let $G = \mathrm{Aut}(L|K)$. Then, from Theorem 15.4.9, $|G| < \infty$, and $K = \mathrm{Fix}(L, G)$. Define $H = \mathrm{Aut}(L|M)$ and $M' = \mathrm{Fix}(L, H)$. We must show that $M' = M$, for then $L|M$ is a Galois extension.

Since the elements of $H$ fix $M$, we have $M \subset M'$. Let $G = \bigcup_{i=1}^{r} \alpha_i H$, a disjoint union of the cosets of $H$. Let $\alpha_1 = 1$, and define $\beta_i = \alpha_i|_M$. The $\beta_1, \dots, \beta_r$ are pairwise distinct, for if $\beta_i = \beta_j$, that is $\alpha_i|_M = \alpha_j|_M$, then $\alpha_j^{-1}\alpha_i \in H$, so $\alpha_i$ and $\alpha_j$ are in the same coset.

We claim that
$$\{a \in M : \beta_1(a) = \cdots = \beta_r(a)\} = M \cap \mathrm{Fix}(L, G).$$

Moreover, from Theorem 15.4.9, we know that
$$M \cap \mathrm{Fix}(L, G) = M \cap K = K.$$
To establish the claim, it is clear that
$$M \cap \mathrm{Fix}(L, G) \subset \{a \in M : \beta_1(a) = \cdots = \beta_r(a)\},$$
since

$$a = \beta_i(a) = \alpha_i(a) \quad\text{for } \alpha_i \in G,\ a \in K.$$

Hence, we must show that
$$\{a \in M : \beta_1(a) = \cdots = \beta_r(a)\} \subset M \cap \mathrm{Fix}(L, G).$$

To do this, we must show that $\alpha(b) = b$ for all $\alpha \in G$ and all $b \in M$ with $\beta_1(b) = \cdots = \beta_r(b)$. We have $\alpha \in \alpha_i H$ for some $i$, and hence $\alpha = \alpha_i \gamma$ for some $\gamma \in H$. We obtain then

$$\alpha(b) = \alpha_i(\gamma(b)) = \alpha_i(b) = \beta_i(b) = b,$$

proving the inclusion and establishing the claim.

Now, from Theorem 15.4.3, $|M : K| \ge r$. From the degree formula, we get

$$|L : M'|\,|M' : M|\,|M : K| = |L : K| = |G| = |G : H|\,|H| = r\,|L : M'|,$$

since, from Theorem 15.4.9, $|L : K| = |G|$ and $|H| = |L : M'|$. Therefore, $|M' : M| = 1$, since $|M : K| \ge r$. Hence, $M = M'$. Now

$$|M : K| = |G : H| = |\mathrm{Aut}(L|K) : \mathrm{Aut}(L|M)|,$$

completing the proof.


Lemma 15.4.11. Let $L|K$ be a field extension and $K \subset M \subset L$ be an intermediate field. If $\alpha \in \mathrm{Aut}(L|K)$, then

$$\mathrm{Aut}(L|\alpha(M)) = \alpha\,\mathrm{Aut}(L|M)\,\alpha^{-1}.$$

Proof. Now, $\beta \in \mathrm{Aut}(L|\alpha(M))$ if and only if $\beta(\alpha(a)) = \alpha(a)$ for all $a \in M$. This occurs if and only if $\alpha^{-1}\beta\alpha(a) = a$ for all $a \in M$, which is true if and only if $\beta \in \alpha\,\mathrm{Aut}(L|M)\,\alpha^{-1}$.


Lemma 15.4.12. Let $L|K$ be a Galois extension and $K \subset M \subset L$ be an intermediate field. Suppose that $\alpha(M) = M$ for all $\alpha \in \mathrm{Aut}(L|K)$. Then

$$\varphi : \mathrm{Aut}(L|K) \to \mathrm{Aut}(M|K) \quad\text{with } \varphi(\alpha) = \alpha|_M$$

is an epimorphism with kernel $\ker(\varphi) = \mathrm{Aut}(L|M)$.

Proof. It is clear that $\varphi$ is a homomorphism with $\ker(\varphi) = \mathrm{Aut}(L|M)$ (see exercises). We must show that it is an epimorphism.
Let $G = \mathrm{im}(\varphi)$. Since $L|K$ is a Galois extension, we get that

$$\mathrm{Fix}(M, G) = \mathrm{Fix}(L, \mathrm{Aut}(L|K)) \cap M = K \cap M = K.$$

Then, from Theorem 15.4.8, we have

$$\mathrm{Aut}(M|K) = \mathrm{Aut}(M|\mathrm{Fix}(M, G)) = G,$$

and therefore $\varphi$ is an epimorphism.
Theorem 15.4.13. Let $L|K$ be a Galois extension and $K \subset M \subset L$ be an intermediate field. Then the following are equivalent:

(1) $M|K$ is a Galois extension.

(2) If $\alpha \in \mathrm{Aut}(L|K)$, then $\alpha(M) = M$.

(3) $\mathrm{Aut}(L|M)$ is a normal subgroup of $\mathrm{Aut}(L|K)$.


Proof. (1) $\Rightarrow$ (2): Suppose that $M|K$ is a Galois extension. Let $\mathrm{Aut}(M|K) = \{\alpha_1, \dots, \alpha_r\}$. Consider the $\alpha_i$ as monomorphisms from $M$ into $L$. Let $\alpha_{r+1} : M \to L$ be a monomorphism with $\alpha_{r+1}|_K = 1$. Then

$$\{a \in M : \alpha_1(a) = \alpha_2(a) = \cdots = \alpha_r(a) = \alpha_{r+1}(a)\} = K,$$

since $M|K$ is a Galois extension. Therefore, from Theorem 15.4.3, we have that if $\alpha_1, \dots, \alpha_r, \alpha_{r+1}$ are distinct, then

$$|M : K| \ge r + 1 > r = |\mathrm{Aut}(M|K)| = |M : K|,$$

giving a contradiction. Hence, if $\alpha_{r+1} \in \mathrm{Aut}(L|K)$ is arbitrary, then $\alpha_{r+1}|_M \in \{\alpha_1, \dots, \alpha_r\}$; that is, $\alpha_{r+1}$ fixes $M$.

(2) $\Rightarrow$ (1): Suppose that if $\alpha \in \mathrm{Aut}(L|K)$, then $\alpha(M) = M$. The map $\varphi : \mathrm{Aut}(L|K) \to \mathrm{Aut}(M|K)$ with $\varphi(\alpha) = \alpha|_M$ is surjective. Since $L|K$ is a Galois extension, $\mathrm{Aut}(L|K)$ is finite. Therefore, $H = \mathrm{Aut}(M|K)$ is also finite. To prove (1), it is then sufficient to show that $K = \mathrm{Fix}(M, H)$.

The field $K \subset \mathrm{Fix}(M, H)$ by the definition of the fixed field. Hence, we must show that $\mathrm{Fix}(M, H) \subset K$. Assume that there exists an $\alpha \in \mathrm{Aut}(L|K)$ with $\alpha(a) \ne a$ for some $a \in \mathrm{Fix}(M, H)$. Recall that $L|K$ is a Galois extension, and therefore $\mathrm{Fix}(L, \mathrm{Aut}(L|K)) = K$. Define $\beta = \alpha|_M$. Then $\beta \in H$, since $\alpha(M) = M$ by our original assumption. Then $\beta(a) \ne a$, contradicting $a \in \mathrm{Fix}(M, H)$. Therefore, $K = \mathrm{Fix}(M, H)$, and $M|K$ is a Galois extension.

(2) $\Rightarrow$ (3): Suppose that if $\alpha \in \mathrm{Aut}(L|K)$, then $\alpha(M) = M$. That $\mathrm{Aut}(L|M)$ is a normal subgroup of $\mathrm{Aut}(L|K)$ then follows from Lemma 15.4.12, since $\mathrm{Aut}(L|M)$ is the kernel of $\varphi$.

(3) $\Rightarrow$ (2): Suppose that $\mathrm{Aut}(L|M)$ is a normal subgroup of $\mathrm{Aut}(L|K)$. Let $\alpha \in \mathrm{Aut}(L|K)$; then from our assumption and Lemma 15.4.11, we get that

$$\mathrm{Aut}(L|\alpha(M)) = \mathrm{Aut}(L|M).$$

Now $L|M$ and $L|\alpha(M)$ are Galois extensions by Theorem 15.4.10. Therefore,

$$\alpha(M) = \mathrm{Fix}(L, \mathrm{Aut}(L|\alpha(M))) = \mathrm{Fix}(L, \mathrm{Aut}(L|M)) = M,$$

completing the proof.


We now combine all of these results to give the proof of Theorem 15.4.1, the fundamental theorem of Galois theory.
Proof of Theorem 15.4.1. Let $L|K$ be a Galois extension.

For (1), let $G \subset \mathrm{Aut}(L|K)$. Both $G$ and $\mathrm{Aut}(L|K)$ are finite from Theorem 15.4.8. Furthermore, $G = \mathrm{Aut}(L|\mathrm{Fix}(L, G))$ from Theorem 15.4.7. Now let $M$ be an intermediate field of $L|K$. Then $L|M$ is a Galois extension from Theorem 15.4.10, and then $\mathrm{Fix}(L, \mathrm{Aut}(L|M)) = M$ from Theorem 15.4.8.

For (2), let $M$ be an intermediate field of $L|K$. From Theorem 15.4.10, $L|M$ is a Galois extension. From Theorem 15.4.9, we have $|L : M| = |\mathrm{Aut}(L|M)|$. Applying Theorem 15.4.10, we get the result on indices

$$|M : K| = |\mathrm{Aut}(L|K) : \mathrm{Aut}(L|M)|.$$

For (3), let $M$ be an intermediate field of $L|K$. From Theorem 15.4.10, we have that $L|M$ is a Galois extension, hence (a) holds. From Theorem 15.4.13, $M|K$ is a Galois extension if and only if $\mathrm{Aut}(L|M)$ is a normal subgroup of $\mathrm{Aut}(L|K)$; that is, (b) holds.

For (4), let $M|K$ be a Galois extension. Assertion (a) holds because $\alpha(M) = M$ for all $\alpha \in \mathrm{Aut}(L|K)$ by Theorem 15.4.13. The map $\varphi : \mathrm{Aut}(L|K) \to \mathrm{Aut}(M|K)$ with $\varphi(\alpha) = \alpha|_M = \beta$ is an epimorphism by Lemma 15.4.12 and Theorem 15.4.13, hence (b) holds. Assertion (c), that is, $\mathrm{Aut}(M|K) \cong \mathrm{Aut}(L|K)/\mathrm{Aut}(L|M)$, follows directly from the group isomorphism theorem.

That the lattice of subfields of $L$ containing $K$ is the inverted lattice of subgroups of $\mathrm{Aut}(L|K)$ follows directly from the previous results; this shows (5) and finishes the proof.


In Chapter 8, we looked at Example 8.1.7. Here, we analyze it further using the Galois 
theory. 


Example 15.4.14. Let $f(x) = x^3 - 7 \in \mathbb{Q}[x]$. This has no zeros in $\mathbb{Q}$, and since it is of degree 3, it follows that it must be irreducible in $\mathbb{Q}[x]$.

Let $\omega = -\frac{1}{2} + \frac{\sqrt{3}}{2} i \in \mathbb{C}$. Then it is easy to show by computation that

$$\omega^2 = -\frac{1}{2} - \frac{\sqrt{3}}{2} i \quad\text{and}\quad \omega^3 = 1.$$

Therefore, the three zeros of $f(x)$ in $\mathbb{C}$ are

$$a_1 = 7^{1/3}, \quad a_2 = \omega\, 7^{1/3}, \quad a_3 = \omega^2\, 7^{1/3}.$$

Hence, $L = \mathbb{Q}(a_1, a_2, a_3)$ is the splitting field of $f(x)$. Since the minimal polynomial of all three zeros over $\mathbb{Q}$ is the same $f(x)$, it follows that

$$\mathbb{Q}(a_1) \cong \mathbb{Q}(a_2) \cong \mathbb{Q}(a_3).$$

Since $\mathbb{Q}(a_1) \subset \mathbb{R}$ and $a_2, a_3$ are nonreal, it is clear that $a_2, a_3 \notin \mathbb{Q}(a_1)$.

Suppose that $\mathbb{Q}(a_2) = \mathbb{Q}(a_3)$. Then $\omega = a_3 a_2^{-1} \in \mathbb{Q}(a_2)$, and so $a_1 = \omega^{-1} a_2 \in \mathbb{Q}(a_2)$. Hence, $\mathbb{Q}(a_1) \subset \mathbb{Q}(a_2)$; therefore, $\mathbb{Q}(a_1) = \mathbb{Q}(a_2)$, since they are of the same degree over $\mathbb{Q}$. This contradiction shows that $\mathbb{Q}(a_2)$ and $\mathbb{Q}(a_3)$ are distinct.

By computation, we have $a_2^2 = a_1 a_3$, and hence

$$L = \mathbb{Q}(a_1, a_2, a_3) = \mathbb{Q}(a_1, a_2) = \mathbb{Q}(7^{1/3}, \omega).$$

Now the degree of $L$ over $\mathbb{Q}$ is

$$|L : \mathbb{Q}| = |\mathbb{Q}(7^{1/3}, \omega) : \mathbb{Q}(\omega)|\,|\mathbb{Q}(\omega) : \mathbb{Q}|.$$

Now $|\mathbb{Q}(\omega) : \mathbb{Q}| = 2$, since the minimal polynomial of $\omega$ over $\mathbb{Q}$ is $x^2 + x + 1$. Since no zero of $f(x)$ lies in $\mathbb{Q}(\omega)$, and the degree of $f(x)$ is 3, it follows that $f(x)$ is irreducible over $\mathbb{Q}(\omega)$. Therefore, we have that the degree of $L$ over $\mathbb{Q}(\omega)$ is 3. Hence, $|L : \mathbb{Q}| = (2)(3) = 6$.

Clearly then, we have the following lattice of intermediate fields:

[Lattice diagram: $\mathbb{Q}(a_1)$, $\mathbb{Q}(a_2)$, $\mathbb{Q}(a_3)$, each of degree 3 over $\mathbb{Q}$, and $\mathbb{Q}(\omega)$, of degree 2 over $\mathbb{Q}$, lying between $\mathbb{Q}$ and $L$.]

The question then arises as to whether these are all the intermediate fields. The answer is yes, which we now prove.

Let $G = \mathrm{Aut}(L|\mathbb{Q}) = \mathrm{Aut}(L)$. ($\mathrm{Aut}(L|\mathbb{Q}) = \mathrm{Aut}(L)$, since $\mathbb{Q}$ is a prime field.) Now $G \subset S_3$. $G$ acts transitively on $\{a_1, a_2, a_3\}$, since $f$ is irreducible. Let $\delta : \mathbb{C} \to \mathbb{C}$ be the automorphism of $\mathbb{C}$ taking each element to its complex conjugate; that is, $\delta(z) = \bar{z}$. Then $\delta(f) = f$ and $\delta|_L \in G$ (Theorem 8.2.2). Since $a_1 \in \mathbb{R}$, we get that $\delta|_{\{a_1, a_2, a_3\}} = (a_2, a_3)$, the 2-cycle that maps $a_2$ to $a_3$ and $a_3$ to $a_2$. Since $G$ is transitive on $\{a_1, a_2, a_3\}$, there is a $\tau \in G$ with $\tau(a_1) = a_2$.

Case 1: $\tau(a_3) = a_3$. Then $\tau = (a_1, a_2)$, and $(a_1, a_2)(a_2, a_3) = (a_1, a_2, a_3) \in G$.

Case 2: $\tau(a_3) \ne a_3$. Then $\tau$ is a 3-cycle. In either case, $G$ is generated by a transposition and a 3-cycle. Hence, $G$ is all of $S_3$. Then $L|\mathbb{Q}$ is a Galois extension from Theorem 15.4.9, since $|G| = |L : \mathbb{Q}|$.

The subgroups of $S_3$ are as follows:

[Lattice diagram: $\langle (a_2, a_3) \rangle$, $\langle (a_1, a_3) \rangle$, $\langle (a_1, a_2) \rangle$, each of order 2, and $\langle (a_1, a_2, a_3) \rangle$, of order 3, lying between the trivial subgroup and $S_3$.]

Hence, the above lattice of fields is complete. $L|\mathbb{Q}$, $L|\mathbb{Q}(\omega)$, $\mathbb{Q}(\omega)|\mathbb{Q}$ and $L|\mathbb{Q}(a_i)$ are Galois extensions, whereas $\mathbb{Q}(a_i)|\mathbb{Q}$ with $i = 1, 2, 3$ are not Galois extensions.
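The group-theoretic part of this example can be checked by computer. The following Python script is an added example and not code from the book: it labels $a_1, a_2, a_3$ as 1, 2, 3, generates $G$ from the transposition $(a_2, a_3)$ and the 3-cycle obtained in Case 1, and then enumerates all subgroups of the result together with the zeros each subgroup fixes (the composition convention, right-to-left, is our assumption).

```python
"""Added example, not part of the textbook: the permutation-group side of
Example 15.4.14. The zeros a1, a2, a3 of f(x) = x^3 - 7 are labelled 1, 2, 3
and an element of S3 is the tuple (image of 1, image of 2, image of 3)."""
from itertools import combinations, permutations

IDENTITY = (1, 2, 3)
CONJUGATION = (1, 3, 2)        # complex conjugation restricted to the zeros: the 2-cycle (a2 a3)
TRANSPOSITION_12 = (2, 1, 3)   # the tau of Case 1: the 2-cycle (a1 a2)
S3 = frozenset(permutations((1, 2, 3)))


def compose(s, t):
    """(s o t)(i) = s(t(i)): apply t first, then s (right-to-left, assumed convention)."""
    return tuple(s[t[i] - 1] for i in range(3))


def order(g):
    """Order of g: the smallest k >= 1 with g^k = identity."""
    k, x = 1, g
    while x != IDENTITY:
        x, k = compose(x, g), k + 1
    return k


def generated_subgroup(gens):
    """Closure of the generators under composition; in a finite group this is
    the subgroup they generate, because every inverse is a positive power."""
    group, frontier = {IDENTITY}, [IDENTITY]
    while frontier:
        g = frontier.pop()
        for h in gens:
            x = compose(g, h)
            if x not in group:
                group.add(x)
                frontier.append(x)
    return frozenset(group)


def case1_three_cycle():
    """Case 1 of the example: (a1 a2)(a2 a3) is the 3-cycle (a1 a2 a3)."""
    return compose(TRANSPOSITION_12, CONJUGATION)


def galois_group():
    """G is generated by the transposition (a2 a3) and a 3-cycle, so G = S3."""
    return generated_subgroup([CONJUGATION, case1_three_cycle()])


def subgroups(group):
    """All subgroups of a small group: the closure of every subset of elements."""
    elems = sorted(group)
    found = set()
    for r in range(len(elems) + 1):
        for gens in combinations(elems, r):
            found.add(generated_subgroup(gens))
    return found


def subgroup_orders(group):
    """Orders of all subgroups, sorted; for S3 this is [1, 2, 2, 2, 3, 6]."""
    return sorted(len(h) for h in subgroups(group))


def fixed_zeros(subgroup):
    """Labels of the zeros fixed by every element of the subgroup. For H = <(aj ak)>
    this is the single remaining zero ai, matching Fix(L, H) = Q(ai) in the field lattice."""
    return tuple(i for i in (1, 2, 3) if all(g[i - 1] == i for g in subgroup))
```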


15.5 Exercises


1. Let $K \subset M \subset L$ be a chain of fields, and let $\varphi : \mathrm{Aut}(L|K) \to \mathrm{Aut}(M|K)$ be defined by $\varphi(\alpha) = \alpha|_M$. Show that $\varphi$ is an epimorphism with kernel $\ker(\varphi) = \mathrm{Aut}(L|M)$.

2. Show that $\mathbb{Q}(\sqrt[4]{5})|\mathbb{Q}(\sqrt{5})$ and $\mathbb{Q}(\sqrt{5})|\mathbb{Q}$ are Galois extensions, and $\mathbb{Q}(\sqrt[4]{5})|\mathbb{Q}$ is not a Galois extension.

3. Let $L|K$ be a field extension and $u, v \in L$ algebraic over $K$ with $|K(u) : K| = m$ and $|K(v) : K| = n$. If $m$ and $n$ are coprime, then $|K(u, v) : K| = n \cdot m$.

4. Let $p, q$ be prime numbers with $p \ne q$. Let $L = \mathbb{Q}(\sqrt{p}, \sqrt[3]{q})$. Show that $L = \mathbb{Q}(\sqrt{p} \cdot \sqrt[3]{q})$. Determine a basis of $L$ over $\mathbb{Q}$ and the minimal polynomial of $\sqrt{p} \cdot \sqrt[3]{q}$.

5. Let $K = \mathbb{Q}(\sqrt[n]{2})$ with $n \ge 2$.

(i) Determine the number of $\mathbb{Q}$-embeddings $\sigma : K \to \mathbb{R}$. Show that for each such embedding, we have $\sigma(K) = K$.

(ii) Determine $\mathrm{Aut}(K|\mathbb{Q})$.

6. Let $a = \sqrt{5 + 2\sqrt{5}}$.

(i) Determine the minimal polynomial of $a$ over $\mathbb{Q}$.

(ii) Show that $\mathbb{Q}(a)|\mathbb{Q}$ is a Galois extension.

(iii) Determine $\mathrm{Aut}(\mathbb{Q}(a)|\mathbb{Q})$.

7. Let $K$ be a field of prime characteristic $p$, and let $f(x) = x^p - x + a \in K[x]$ be an irreducible polynomial. Let $L = K(v)$, where $v$ is a zero of $f(x)$. Show the following:

(i) If $\alpha$ is a zero of $f(x)$, then so is $\alpha + 1$.

(ii) $L|K$ is a Galois extension.

(iii) There is exactly one $K$-automorphism $\sigma$ of $L$ with $\sigma(v) = v + 1$.

(iv) The Galois group $\mathrm{Aut}(L|K)$ is cyclic with generating element $\sigma$.


16 Separable Field Extensions 


16.1 Separability of Fields and Polynomials 


In the previous chapter, we introduced and examined Galois extensions. Recall that $L|K$ is a Galois extension if there exists a finite subgroup $G \subset \mathrm{Aut}(L)$ with $K = \mathrm{Fix}(L, G)$. The following questions logically arise:

(1) Under what conditions is a field extension $L|K$ a Galois extension?

(2) Is $L|K$ a Galois extension when $L$ is the splitting field of a polynomial $f(x) \in K[x]$?


In this chapter, we consider these questions and completely characterize Galois extensions. To do this, we must introduce separable extensions.


Definition 16.1.1. Let $K$ be a field. Then a nonconstant polynomial $f(x) \in K[x]$ is called separable over $K$ if each irreducible factor of $f(x)$ has only simple zeros in its splitting field.


We now extend this definition to field extensions. 


Definition 16.1.2. Let $L|K$ be a field extension and $a \in L$. Then $a$ is separable over $K$ if $a$ is a zero of a separable polynomial. The field extension $L|K$ is a separable field extension, or just separable, if all $a \in L$ are separable over $K$. In particular, a separable extension is an algebraic extension.


Finally, we consider fields where every nonconstant polynomial is separable.


Definition 16.1.3. A field $K$ is perfect if each nonconstant polynomial in $K[x]$ is separable over $K$.


The following is straightforward from the definitions: An element $a$ is separable over $K$ if and only if its minimal polynomial $m_a(x)$ is separable.

If $f(x) \in K[x]$, then $f(x) = \sum_{i=0}^{n} k_i x^i$ with $k_i \in K$. The formal derivative of $f(x)$ is then $f'(x) = \sum_{i=1}^{n} i k_i x^{i-1}$. As in ordinary calculus, we have the usual differentiation rules

$$(f(x) + g(x))' = f'(x) + g'(x)$$
and
$$(f(x)g(x))' = f'(x)g(x) + f(x)g'(x)$$

for $f(x), g(x) \in K[x]$.


Lemma 16.1.4. Let $K$ be a field and $f(x)$ an irreducible nonconstant polynomial in $K[x]$. Then $f(x)$ is separable if and only if its formal derivative is nonzero.
Proof. Let $L$ be the splitting field of $f(x)$ over $K$. Let $f(x) = (x - a)^r g(x)$, where $(x - a)$ does not divide $g(x)$. Then

$$f'(x) = (x - a)^{r-1}\big(r\,g(x) + (x - a)\,g'(x)\big).$$

If $f'(x) \ne 0$, then $a$ is a zero of $f(x)$ in $L$ over $K$ of multiplicity $m \ge 2$ if and only if $(x - a) \mid f(x)$, and also $(x - a) \mid f'(x)$.

Let $f(x)$ be a separable polynomial in $K[x]$, and let $a$ be a zero of $f(x)$ in $L$. Then if $f(x) = (x - a)^r g(x)$ with $(x - a)$ not dividing $g(x)$, we must have $r = 1$. Then

$$f'(x) = g(x) + (x - a)\,g'(x).$$

If $g'(x) = 0$, then $f'(x) = g(x) \ne 0$. Now suppose that $g'(x) \ne 0$. Assume that $f'(x) = 0$; then, necessarily, $(x - a) \mid g(x)$, giving a contradiction. Therefore, $f'(x) \ne 0$.

Conversely, suppose that $f'(x) \ne 0$. Assume that $f(x)$ is not separable. Then both $f(x)$ and $f'(x)$ have a common zero $a \in L$. Let $m_a(x)$ be the minimal polynomial of $a$ in $K[x]$. Then $m_a(x) \mid f(x)$, and $m_a(x) \mid f'(x)$. Since $f(x)$ is irreducible, the degree of $m_a(x)$ must equal the degree of $f(x)$. But $m_a(x)$ must also have degree at most that of $f'(x)$, which is less than that of $f(x)$, giving a contradiction. Therefore, $f(x)$ must be separable.


We now consider the following example of a nonseparable polynomial over the finite field $\mathbb{Z}_p$ of $p$ elements. We will denote this field from now on as $\mathrm{GF}(p)$, the Galois field of $p$ elements.


Example 16.1.5. Let $K = \mathrm{GF}(p)$ and $L = K(t)$, the field of rational functions in $t$ over $K$. Consider the polynomial $f(x) = x^p - t \in L[x]$.

Now $K[t]/tK[t] \cong K$. Since $K$ is a field, this implies that $tK[t]$ is a maximal ideal, and hence a prime ideal in $K[t]$ with prime element $t \in K[t]$ (see Theorem 3.2.7). By the Eisenstein criterion, $f(x)$ is an irreducible polynomial in $L[x]$ (see Theorem 4.4.8). However, $f'(x) = p x^{p-1} = 0$, since $\mathrm{char}(K) = p$. Therefore, $f(x)$ is not separable.


16.2 Perfect Fields 


We now consider when a field K is perfect. First, we show that, in general, any field 
of characteristic 0 is perfect. In particular, the rationals Q are perfect, and hence any 
extension of the rationals is separable. 


Theorem 16.2.1. Each field K of characteristic zero is perfect. 


Proof. Suppose that $K$ is a field with $\mathrm{char}(K) = 0$. Suppose that $f(x)$ is a nonconstant polynomial in $K[x]$. Then $f'(x) \ne 0$. If $f(x)$ is irreducible, then $f(x)$ is separable from Lemma 16.1.4. Therefore, by definition, each nonconstant polynomial $f(x) \in K[x]$ is separable.

We remark that in the original motivation for Galois theory, the ground field was the rationals $\mathbb{Q}$. Since this has characteristic zero, it is perfect and all extensions are separable. Hence, the question of separability did not arise until the question of extensions of fields of prime characteristic arose.


Corollary 16.2.2. Any finite extension of the rationals Q is separable. 
We now consider the case of prime characteristic. 


Theorem 16.2.3. Let $K$ be a field with $\mathrm{char}(K) = p \ne 0$. If $f(x)$ is a nonconstant polynomial in $K[x]$, then the following are equivalent:

(1) $f'(x) = 0$.

(2) $f(x)$ is a polynomial in $x^p$; that is, there is a $g(x) \in K[x]$ with $f(x) = g(x^p)$.


If in (1) and (2) $f(x)$ is irreducible, then $f(x)$ is not separable over $K$ if and only if $f(x)$ is a polynomial in $x^p$.

Proof. Let $f(x) = \sum_i a_i x^i$. Then $f'(x) = 0$ if and only if $p \mid i$ for all $i$ with $a_i \ne 0$. But this is equivalent to

$$f(x) = a_0 + a_p x^p + \cdots + a_{mp} x^{mp}.$$

If $f(x)$ is irreducible, then $f(x)$ is not separable if and only if $f'(x) = 0$ from Lemma 16.1.4.


Theorem 16.2.4. Let $K$ be a field with $\mathrm{char}(K) = p \ne 0$. Then the following are equivalent:
(1) $K$ is perfect.

(2) Each element in $K$ has a $p$-th root in $K$.

(3) The Frobenius homomorphism $\tau : x \mapsto x^p$ is an automorphism of $K$.


Proof. First we show that (1) implies (2). Suppose that $K$ is perfect, and $a \in K$. Then $x^p - a$ is separable over $K$. Let $g(x) \in K[x]$ be an irreducible factor of $x^p - a$. Let $L$ be the splitting field of $g(x)$ over $K$, and $b$ a zero of $g(x)$ in $L$. Then $b^p = a$. Furthermore, $x^p - b^p = (x - b)^p \in L[x]$, since the characteristic of $K$ is $p$. Hence, $g(x) = (x - b)^s$, and then $s$ must equal 1 since $g(x)$ is irreducible. Therefore, $b \in K$, and $b$ is a $p$-th root of $a$.

Now we show that (2) implies (3). Recall that the Frobenius homomorphism $\tau$ is injective (see Theorem 1.8.8). We must show that it is also surjective. Let $a \in K$, and let $b$ be a $p$-th root of $a$, so that $a = b^p$. Then $\tau(b) = b^p = a$, and $\tau$ is surjective.

Finally, we show that (3) implies (1). Let $\tau : x \mapsto x^p$ be surjective. It follows that each $a \in K$ has a $p$-th root in $K$. Now let $f(x) \in K[x]$ be irreducible. Assume that $f(x)$ is not separable. From Theorem 16.2.3, there is a $g(x) \in K[x]$ with $f(x) = g(x^p)$; that is,

$$f(x) = a_0 + a_1 x^p + \cdots + a_m x^{mp}.$$

Let $b_i \in K$ with $a_i = b_i^p$. Then

$$f(x) = b_0^p + b_1^p x^p + \cdots + b_m^p x^{mp} = (b_0 + b_1 x + \cdots + b_m x^m)^p.$$

However, this is a contradiction since $f(x)$ is irreducible. Therefore, $f(x)$ is separable, completing the proof.


Theorem 16.2.5. Let $K$ be a field with $\mathrm{char}(K) = p \ne 0$. Then each element of $K$ has at most one $p$-th root in $K$.


Proof. Suppose that $b_1, b_2 \in K$ with $b_1^p = b_2^p = a$. Then

$$0 = b_1^p - b_2^p = (b_1 - b_2)^p.$$

Since $K$ has no zero divisors, it follows that $b_1 = b_2$.


16.3 Finite Fields 


In this section, we consider finite fields. In particular, we show that if $K$ is a finite field, then $|K| = p^m$ for some prime $p$ and natural number $m > 0$. Moreover, we show that if $K_1, K_2$ are finite fields with $|K_1| = |K_2|$, then $K_1 \cong K_2$. Hence, there is a unique finite field for each possible order.

Notice that if $K$ is a finite field, then by necessity $\mathrm{char}\,K = p \ne 0$. We first show that, in this case, $K$ is always perfect.


Theorem 16.3.1. A finite field is perfect. 


Proof. Let $K$ be a finite field of characteristic $p > 0$. Then the Frobenius map $\tau$ is surjective since it is injective and $K$ is finite. Therefore, $K$ is perfect from Theorem 16.2.4.


Next we show that each finite field has order $p^m$ for some prime $p$ and natural number $m > 0$.


Lemma 16.3.2. Let $K$ be a finite field. Then $|K| = p^m$ for some prime $p$ and natural number $m > 0$.


Proof. Let $K$ be a finite field with characteristic $p > 0$. Then $K$ can be considered as a vector space over its prime field $\mathrm{GF}(p)$, and hence of finite dimension since $|K| < \infty$. If $a_1, \dots, a_m$ is a basis, then each $f \in K$ can be written as $f = c_1 a_1 + \cdots + c_m a_m$ with each $c_i \in \mathrm{GF}(p)$. Hence, there are $p$ choices for each $c_i$, and therefore $p^m$ choices for each $f$.


In Theorem 9.5.16, we proved that any finite subgroup of the multiplicative group of a field is cyclic. If $K$ is a finite field, then its multiplicative group $K^*$ is finite, and hence cyclic.


Lemma 16.3.3. Let $K$ be a finite field. Then its multiplicative group $K^*$ is cyclic.

If $K$ is a finite field with order $p^m$, then its multiplicative group $K^*$ has order $p^m - 1$. Then, from Lagrange's theorem, each nonzero element to the power $p^m - 1$ is the identity. Therefore, we have the result.


Lemma 16.3.4. Let $K$ be a field of order $p^m$. Then each $a \in K$ is a zero of the polynomial $x^{p^m} - x$. In particular, if $a \ne 0$, then $a$ is a zero of $x^{p^m - 1} - 1$.


If $K$ is a finite field of order $p^m$, it is a finite extension of $\mathrm{GF}(p)$. Since the multiplicative group is cyclic, we must have $K = \mathrm{GF}(p)(\alpha)$ for some $\alpha \in K$. From this, we obtain that for a given possible finite order, there is only one finite field up to isomorphism.


Theorem 16.3.5. Let $K_1, K_2$ be finite fields with $|K_1| = |K_2|$. Then $K_1 \cong K_2$.


Proof. Let $|K_1| = |K_2| = p^m$. From the remarks above, $K_1 = \mathrm{GF}(p)(\alpha)$, where $\alpha$ has order $p^m - 1$ in $K_1^*$. Similarly, $K_2 = \mathrm{GF}(p)(\beta)$, where $\beta$ also has order $p^m - 1$ in $K_2^*$. Hence, $\mathrm{GF}(p)(\alpha) \cong \mathrm{GF}(p)(\beta)$, and therefore $K_1 \cong K_2$.


In Lemma 16.3.2, we saw that if $K$ is a finite field, then $|K| = p^n$ for some prime $p$ and positive integer $n$. We now show that given a prime power $p^n$, there does exist a finite field of that order.


Theorem 16.3.6. Let $p$ be a prime and $n > 0$ a natural number. Then there exists a field $K$ of order $p^n$.


Proof. Given a prime $p$, consider the polynomial $g(x) = x^{p^n} - x \in \mathrm{GF}(p)[x]$. Let $K$ be the splitting field of this polynomial over $\mathrm{GF}(p)$. Since a finite field is perfect, $K$ is a separable extension, and hence all the zeros of $g(x)$ are distinct in $K$.

Let $F$ be the set of $p^n$ distinct zeros of $g(x)$ within $K$. Let $a, b \in F$. Since

$$(a + b)^{p^n} = a^{p^n} + b^{p^n} \quad\text{and}\quad (ab)^{p^n} = a^{p^n} b^{p^n},$$

it follows that $F$ forms a subfield of $K$. However, $F$ contains all the zeros of $g(x)$, and since $K$ is the smallest extension of $\mathrm{GF}(p)$ containing all the zeros of $g(x)$, we must have $K = F$. Since $F$ has $p^n$ elements, it follows that the order of $K$ is $p^n$.


Combining Theorems 16.3.5 and 16.3.6, we get the following summary result, indicating that up to isomorphism there exists one and only one finite field of order $p^n$.


Theorem 16.3.7. Let $p$ be a prime and $n > 0$ a natural number. Then up to isomorphism, there exists a unique finite field of order $p^n$.
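The results of Sections 16.2 and 16.3 can be checked on a concrete small field. The following Python model is an added example and not code from the book: it builds $\mathrm{GF}(p^n)$ as $\mathrm{GF}(p)[x]/(m(x))$ with the constructed parameters $p = 3$, $n = 2$, $m(x) = x^2 + 1$, and verifies Lemma 16.3.4, the Frobenius criterion of Theorem 16.2.4, the cyclicity of $K^*$ from Lemma 16.3.3, and the derivative criterion of Theorem 16.2.3 on the polynomial $x^{p^n} - x$ used in the proof of Theorem 16.3.6.

```python
"""Added example, not part of the textbook: GF(p^n) as GF(p)[x]/(m(x)) for a
constructed irreducible m(x). Elements are tuples of N coefficients mod p,
the coefficients of 1, x, ..., x^(N-1); polynomials over GF(p) are coefficient
lists with the constant term first. Constructed parameters: p = 3, n = 2."""
from itertools import product

P, N = 3, 2
MODULUS = [1, 0, 1]          # m(x) = x^2 + 1; irreducible over GF(3) since it has no zero in {0, 1, 2}
Q = P ** N                   # order of the field, here 9
ZERO = (0,) * N
ONE = (1,) + (0,) * (N - 1)
ELEMENTS = [tuple(c) for c in product(range(P), repeat=N)]


def add(a, b):
    return tuple((x + y) % P for x, y in zip(a, b))


def mul(a, b):
    """Schoolbook product, then reduce using x^N = -(m_0 + m_1 x + ... + m_(N-1) x^(N-1))."""
    prod = [0] * (2 * N - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % P
    for k in range(2 * N - 2, N - 1, -1):
        c, prod[k] = prod[k], 0
        for i in range(N):
            prod[k - N + i] = (prod[k - N + i] - c * MODULUS[i]) % P
    return tuple(prod[:N])


def power(a, e):
    """a^e by square-and-multiply."""
    result, base = ONE, a
    while e:
        if e & 1:
            result = mul(result, base)
        base, e = mul(base, base), e >> 1
    return result


def frobenius(a):
    """tau(a) = a^p, the Frobenius homomorphism of Theorem 16.2.4."""
    return power(a, P)


def frobenius_is_automorphism():
    """Theorem 16.2.4 (3): tau is a bijection of K that preserves sums and products."""
    if len({frobenius(a) for a in ELEMENTS}) != Q:
        return False
    for a in ELEMENTS:
        for b in ELEMENTS:
            if frobenius(add(a, b)) != add(frobenius(a), frobenius(b)):
                return False
            if frobenius(mul(a, b)) != mul(frobenius(a), frobenius(b)):
                return False
    return True


def all_zeros_of_x_q_minus_x():
    """Lemma 16.3.4: every element of a field of order q = p^n satisfies a^q = a."""
    return all(power(a, Q) == a for a in ELEMENTS)


def multiplicative_order(a):
    """Order of a nonzero element in K* (the smallest k >= 1 with a^k = 1)."""
    k, x = 1, a
    while x != ONE:
        x, k = mul(x, a), k + 1
    return k


def generator():
    """Lemma 16.3.3: K* is cyclic, so some element has order q - 1; return the first found."""
    for a in ELEMENTS:
        if a != ZERO and multiplicative_order(a) == Q - 1:
            return a
    return None


def formal_derivative(f):
    """f'(x) = sum of i*k_i x^(i-1) over GF(p); the zero polynomial is the empty list."""
    d = [(i * k) % P for i, k in enumerate(f)][1:]
    while d and d[-1] == 0:
        d.pop()
    return d


def x_q_minus_x():
    """Coefficients of g(x) = x^q - x from the proof of Theorem 16.3.6."""
    g = [0] * (Q + 1)
    g[1], g[Q] = (-1) % P, 1
    return g
```

The derivative of $x^q - x$ is the constant $-1$ (since $q \equiv 0 \bmod p$), so $g$ and $g'$ have no common zero and the $q$ zeros are distinct, whereas a polynomial in $x^p$ such as $x^3 + 1$ over $\mathrm{GF}(3)$ has derivative $0$, as Theorem 16.2.3 states.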


16.4 Separable Extensions 


In this section, we consider some properties of separable extensions. 
Theorem 16.4.1. Let $K$ be a field with $K \subset \bar{L}$ and $\bar{L}$ algebraically closed. Let $\alpha : K \to \bar{L}$ be a monomorphism. Then the number of monomorphisms $\beta : K(a) \to \bar{L}$ with $\beta|_K = \alpha$ is equal to the number of pairwise distinct zeros in $\bar{L}$ of the minimal polynomial $m_a$ of $a$ over $K$.


Proof. Let $\beta$ be as in the statement of the theorem. Then $\beta$ is uniquely determined by $\beta(a)$, and $\beta(a)$ is a zero of the polynomial $\beta(m_a(x)) = \alpha(m_a(x))$. Now let $a'$ be a zero of $\alpha(m_a(x))$ in $\bar{L}$. Then there exists a $\beta : K(a) \to \bar{L}$ with $\beta(a) = a'$ from Theorem 7.1.4. Therefore, $\alpha$ has exactly as many extensions $\beta$ as $\alpha(m_a(x))$ has pairwise distinct zeros in $\bar{L}$. The number of pairwise distinct zeros of $\alpha(m_a(x))$ is equal to the number of pairwise distinct zeros of $m_a(x)$. This can be seen as follows: Let $L_1$ be a splitting field of $m_a(x)$ and $L_2 \subset \bar{L}$ a splitting field of $\alpha(m_a(x))$. From Theorems 8.1.5 and 8.1.6, there is an isomorphism $\psi : L_1 \to L_2$, which maps the zeros of $m_a(x)$ onto the zeros of $\alpha(m_a(x))$.


Lemma 16.4.2. Let $L|K$ be a finite extension with $L \subset \bar{L}$, and $\bar{L}$ algebraically closed. In particular, $L = K(a_1, \dots, a_n)$, where the $a_i$ are algebraic over $K$. Let $p_i$ be the number of pairwise distinct zeros of the minimal polynomial $m_{a_i}$ of $a_i$ over $K(a_1, \dots, a_{i-1})$ in $\bar{L}$. Then there are exactly $p_1 \cdots p_n$ monomorphisms $\beta : L \to \bar{L}$ with $\beta|_K = 1$.


Proof. From Theorem 16.4.1, there are exactly $p_1$ monomorphisms $\alpha : K(a_1) \to \bar{L}$ with $\alpha|_K$ equal to the identity on $K$. Each such $\alpha$ has exactly $p_2$ extensions of the identity on $K$ to $K(a_1, a_2)$. We now continue in this manner.


Theorem 16.4.3. Let $L|K$ be a field extension with $M$ an intermediate field. If $a \in L$ is separable over $K$, then it is also separable over $M$.


Proof. This follows directly from the fact that the minimal polynomial of $a$ over $M$ divides the minimal polynomial of $a$ over $K$.


Theorem 16.4.4. Let $L|K$ be a field extension. Then the following are equivalent:

(1) $L|K$ is finite and separable.

(2) There are finitely many separable elements $a_1, \dots, a_n$ over $K$ with $L = K(a_1, \dots, a_n)$.

(3) $L|K$ is finite, and if $L \subset \bar{L}$ with $\bar{L}$ algebraically closed, then there are exactly $[L : K]$ monomorphisms $\alpha : L \to \bar{L}$ with $\alpha|_K = 1_K$.


Proof. That (1) implies (2) follows directly from the definitions. We show then that (2) implies (3). Let $L = K(a_1, \dots, a_n)$, where $a_1, \dots, a_n$ are separable elements over $K$. The extension $L|K$ is finite (see Theorem 5.3.4).

Let $p_i$ be the number of pairwise distinct zeros in $\bar{L}$ of the minimal polynomial $m_{a_i}(x) = f_i(x)$ of $a_i$ over $K(a_1, \dots, a_{i-1})$. Then

$$p_i \le \deg(f_i) = |K(a_1, \dots, a_i) : K(a_1, \dots, a_{i-1})|.$$

Hence, $p_i = \deg(f_i(x))$, since $a_i$ is separable over $K(a_1, \dots, a_{i-1})$ from Theorem 16.4.3. Therefore, $[L : K] = p_1 \cdots p_n$ is equal to the number of monomorphisms $\alpha : L \to \bar{L}$ with $\alpha|_K$ the identity on $K$.
Finally, we show that (3) implies (1). Suppose then the conditions of (3). Since $L|K$ is finite, there are finitely many $a_1, \dots, a_n \in L$ with $L = K(a_1, \dots, a_n)$. Let $p_i$ and $f_i(x)$ be as in the proof above, and hence $p_i \le \deg(f_i(x))$. By assumption we have

$$[L : K] = p_1 \cdots p_n$$

equal to the number of monomorphisms $\alpha : L \to \bar{L}$ with $\alpha|_K$ the identity on $K$. Also

$$[L : K] = p_1 \cdots p_n \le \deg(f_1(x)) \cdots \deg(f_n(x)) = [L : K].$$

Hence, $p_i = \deg(f_i(x))$. Therefore, by definition, each $a_i$ is separable over $K$.

To complete the proof, we must show that $L|K$ is separable. Inductively, it suffices to prove that $K(a_1)|K$ is separable whenever $a_1$ is separable over $K$ and not in $K$. This is clear if $\mathrm{char}(K) = 0$, because $K$ is perfect.

Suppose then that $\mathrm{char}(K) = p > 0$. First, we show that $K(a_1^p) = K(a_1)$. Certainly, $K(a_1^p) \subset K(a_1)$. Assume that $a_1 \notin K(a_1^p)$. Then $g(x) = x^p - a_1^p$ is the minimal polynomial of $a_1$ over $K(a_1^p)$. This follows from the fact that $x^p - a_1^p = (x - a_1)^p$, and hence there can be no irreducible factor of $x^p - a_1^p$ of the form $(x - a_1)^m$ with $m < p$ and $m \mid p$.

However, it follows then, in this case, that $g'(x) = 0$, contradicting the separability of $a_1$ over $K$. Therefore, $K(a_1) = K(a_1^p)$.

Let $E = K(a_1)$; then also $E = K(E^p)$, where $E^p$ is the field generated by the $p$-th powers of $E$. Now let $b \in E = K(a_1)$. We must show that the minimal polynomial of $b$, say $m_b(x)$, is separable over $K$. Assume that $m_b(x)$ is not separable over $K$. Then

$$m_b(x) = \sum_{i=0}^{k} b_i x^{pi}, \qquad b_i \in K,\ b_k = 1,$$

from Theorem 16.2.3. We have

$$b_0 + b_1 b^p + \cdots + b_k b^{pk} = 0.$$

Therefore, the elements $1, b^p, \dots, b^{pk}$ are linearly dependent over $K$.

Since $K(a_1) = E = K(E^p)$, we find that $1, b, \dots, b^k$ are linearly dependent also, since if they were independent the $p$-th powers would also be independent. However, this is not possible, since $k < \deg(m_b(x))$. Therefore, $m_b(x)$ is separable over $K$, and hence $K(a_1)|K$ is separable. Altogether $L|K$ is then finite and separable, completing the proof.


Theorem 16.4.5. Let $L|K$ be a field extension, and let $M$ be an intermediate field. Then the following are equivalent:

(1) $L|K$ is separable.

(2) $L|M$ and $M|K$ are separable.


Proof. We first show that (1) implies (2): If $L|K$ is separable, then $L|M$ is separable by Theorem 16.4.3, and $M|K$ is separable.
Now suppose (2), and let $M|K$ and $L|M$ be separable. Let $a \in L$, and let

$$m_a(x) = f(x) = b_0 + \cdots + b_{n-1} x^{n-1} + x^n$$

be the minimal polynomial of $a$ over $M$. Then $f(x)$ is separable. Let

$$M' = K(b_0, \dots, b_{n-1}).$$

We have $K \subset M' \subset M$, and hence $M'|K$ is separable, since $M|K$ is separable. Furthermore, $a$ is separable over $M'$, since $f(x)$ is separable and $f(x) \in M'[x]$. From Theorem 16.4.1, there are $n = \deg(f(x)) = [M'(a) : M']$ extensions to $M'(a)$ of each $\alpha : M' \to \bar{M}$, with $\bar{M}$ the algebraic closure of $M'$. Since $M'|K$ is separable and finite, there are $[M' : K]$ monomorphisms $\alpha : M' \to \bar{M}$ with $\alpha|_K$ the identity on $K$, from Theorem 16.4.4. Altogether, there are $[M'(a) : K]$ monomorphisms $\alpha : M'(a) \to \bar{M}$ with $\alpha|_K$ the identity on $K$. Therefore, $M'(a)|K$ is separable from Theorem 16.4.4. Hence, $a$ is separable over $K$, and then $L|K$ is separable. Therefore, (2) implies (1).


Theorem 16.4.6. Let $L|K$ be a field extension, and let $S \subset L$ be such that all elements of $S$ are separable over $K$. Then $K(S)|K$ is separable, and $K[S] = K(S)$.


Proof. Let $W$ be the set of finite subsets of $S$. Let $T \in W$. From Theorem 16.4.4, we obtain that $K(T)|K$ is separable. Since each element of $K(S)$ is contained in some $K(T)$, we have that $K(S)|K$ is separable. Since all elements of $S$ are algebraic, we have that $K[S] = K(S)$.


Theorem 16.4.7. Let L|K be a field extension. Then there exists in L a uniquely determined 
maximal field M with the property that M|K is separable. If a € L is separable over M, 
thena € M. M is called the separable hull of K in L. 


Proof. Let S be the set of all elements in L, which are separable over K. We now define 
M = K(S). Then M|K is separable from Theorem 16.4.6. Now, let a € L be separable 
over M. Then M(a)|M is separable from Theorem 16.4.4. Furthermore, M(a)|K is sepa- 
rable from Theorem 16.4.5. It follows that a € M. 


16.5 Separability and Galois Extensions 


We now completely characterize Galois extensions L|K as finite, normal, separable ex- 
tensions. 


Theorem 16.5.1. Let L|K be a field extension. Then the following are equivalent: 

(1) L|K is a Galois extension. 

(2) L is the splitting field of a separable polynomial in K[x]. 

(3) L|K is finite, normal, and separable. 


Therefore, we may characterize Galois extensions of a field K as finite, normal, and sepa- 
rable extensions of K. 

Proof. Recall from Theorem 8.2.2 that an extension L|K is normal if the following hold: 

(1) L|K is algebraic, and 

(2) each irreducible polynomial f(x) ∈ K[x] that has a zero in L splits into linear factors 
in L[x]. 


Now suppose that L|K is a Galois extension. Then L|K is finite from Theorem 15.4.1. 
Let $L = K(b_1, \ldots, b_n)$ and $m_{b_i}(x) = f_i(x)$ be the minimal polynomial of $b_i$ over K. Let 
$a_{i_1}, \ldots, a_{i_k}$ be the pairwise distinct elements from 

$$H_i = \{\alpha(b_i) : \alpha \in \operatorname{Aut}(L|K)\}.$$

Define 

$$g_i(x) = (x - a_{i_1}) \cdots (x - a_{i_k}) \in L[x].$$

If α ∈ Aut(L|K), then $\alpha(g_i) = g_i$, since α permutes the elements of $H_i$. This means that the 
coefficients of $g_i(x)$ are in Fix(L, Aut(L|K)) = K, so $g_i(x) \in K[x]$. Furthermore, $b_i$ is 
one of the $a_{i_j}$, and hence $f_i(x) \mid g_i(x)$. The group Aut(L|K) acts transitively on $\{a_{i_1}, \ldots, a_{i_k}\}$ by the 
choice of $a_{i_1}, \ldots, a_{i_k}$. Therefore, each $g_i(x)$ is irreducible (see Theorem 15.2.4). It follows 
that $f_i(x) = g_i(x)$. Now, $f_i(x)$ has only simple zeros in L; that is, no zero has multiplicity 
≥ 2, and $f_i(x)$ splits over L. Thus, L is a splitting field of $f(x) = f_1(x) \cdots f_n(x)$, and 
f(x) is separable by definition. Hence, (1) implies (2). 

Now suppose that L is a splitting field of the separable polynomial f(x) ∈ K[x], and 
L|K is finite. From Theorem 16.4.4, we get that L|K is separable, since $L = K(a_1, \ldots, a_n)$ 
with each $a_i$ separable over K. Moreover, L|K is normal from Definition 8.2.1, since L is a 
splitting field. Hence, (2) implies (3). 

Finally, suppose that L|K is finite, normal, and separable. Since L|K is finite and 
separable, from Theorem 16.4.4 there exist exactly [L : K] monomorphisms α : L → $\bar{L}$, 
$\bar{L}$ the algebraic closure of L, with $\alpha|_K$ the identity on K. Since L|K is normal, these 
monomorphisms are already automorphisms of L from Theorem 8.2.2. 

Hence, [L : K] ≤ |Aut(L|K)|. Furthermore, [L : K] ≥ |Aut(L|K)| from Theorem 15.4.3. 
Combining these, we have [L : K] = |Aut(L|K)|, and hence L|K is a Galois extension from 
Theorem 15.4.9. Therefore, (3) implies (1), completing the proof. 


Recall that any field of characteristic 0 is perfect, and therefore any finite extension 
is separable. Applying this to Q implies that the Galois extensions of the rationals are 
precisely the splitting fields of polynomials. 


Corollary 16.5.2. The Galois extensions of the rationals are precisely the splitting fields 
of polynomials in Q[x]. 


Theorem 16.5.3. Let L|K be a finite, separable field extension. Then there exists an exten- 
sion field M of L such that M|K is a Galois extension. 


244 —— 16 Separable Field Extensions 


Proof. Let $L = K(a_1, \ldots, a_n)$ with all $a_i$ separable over K. Let $f_i(x)$ be the minimal poly- 
nomial of $a_i$ over K. Then each $f_i(x)$, and hence also $f(x) = f_1(x) \cdots f_n(x)$, is separable 
over K. Let M be the splitting field of f(x) over K. Then M|K is a Galois extension from 
Theorem 16.5.1. 


Example 16.5.4. Let K = Q be the rationals, and let $f(x) = x^4 - 2 \in \mathbb{Q}[x]$. From Chapter 8, 
we know that $L = \mathbb{Q}(\sqrt[4]{2}, i)$ is a splitting field of f(x). By the Eisenstein criterion, f(x) is 
irreducible, and [L : Q] = 8. Moreover, 

$$\sqrt[4]{2},\quad i\sqrt[4]{2},\quad -\sqrt[4]{2},\quad -i\sqrt[4]{2}$$

are the zeros of f(x). Since the rationals are perfect, f(x) is separable. L|K is a Galois 
extension by Theorem 16.5.1. From the calculations in Chapter 15, we have 

$$|\operatorname{Aut}(L|K)| = |\operatorname{Aut}(L)| = [L : K] = 8.$$

Let 

$$G = \operatorname{Aut}(L|K) = \operatorname{Aut}(L|\mathbb{Q}) = \operatorname{Aut}(L).$$


We want to determine the subgroup lattice of the Galois group G. We show $G \cong D_4$, the 
dihedral group of order 8. Since there are 4 zeros of f(x), and G permutes these, G must 
be a subgroup of $S_4$, and since the order is 8, G is a 2-Sylow subgroup of $S_4$. From this, 
we have that 

$$G = \langle (2,4),\ (1,2,3,4) \rangle.$$

If we let τ = (2,4) and σ = (1,2,3,4), we get the isomorphism between G and $D_4$. From 
Theorem 14.1.1, we know that $D_4 = \langle r, f \;;\; r^4 = f^2 = (rf)^2 = 1 \rangle$. 

This can also be seen in the following manner. Let 

$$a_1 = \sqrt[4]{2},\quad a_2 = i\sqrt[4]{2},\quad a_3 = -\sqrt[4]{2},\quad a_4 = -i\sqrt[4]{2}.$$

Let α ∈ G. α is determined if we know $\alpha(\sqrt[4]{2})$ and α(i). The possibilities for α(i) are i or 
-i; that is, the zeros of $x^2 + 1$. 

The possibilities for $\alpha(\sqrt[4]{2})$ are the 4 zeros of $f(x) = x^4 - 2$. Hence, we have 8 possibilities 
for α. These are exactly the elements of the group G. We have σ, τ ∈ G with 

$$\sigma(\sqrt[4]{2}) = i\sqrt[4]{2},\qquad \sigma(i) = i$$

and 

$$\tau(\sqrt[4]{2}) = \sqrt[4]{2},\qquad \tau(i) = -i.$$

It is straightforward to show that σ has order 4, τ has order 2, and στ has order 2. These 
define a group of order 8 isomorphic to $D_4$, and since G has 8 elements, this must be all 
of G. 
We now look at the subgroup lattice of G, and then the corresponding field lattice. 
Let σ and τ be as above. Then G has 5 subgroups of order 2: 

$$\{1, \sigma\tau\},\quad \{1, \tau\},\quad \{1, \sigma^2\tau\},\quad \{1, \sigma^3\tau\},\quad \{1, \sigma^2\}.$$

Of these only $\{1, \sigma^2\}$ is normal in G. 
G has 3 subgroups of order 4: 

$$\{1, \sigma, \sigma^2, \sigma^3\},\quad \{1, \sigma^2, \tau, \sigma^2\tau\},\quad \{1, \sigma^2, \sigma\tau, \sigma^3\tau\},$$

and all are normal since they all have index 2. 
Hence, we have the following subgroup lattice (each subgroup of order 2 is contained in 
the subgroups of order 4 listed below it that contain its generator, and each subgroup 
of order 4 has index 2 in G): 

order 2: $\{1, \sigma^3\tau\}$, $\{1, \sigma\tau\}$, $\{1, \sigma^2\}$, $\{1, \tau\}$, $\{1, \sigma^2\tau\}$ 
order 4: $\{1, \sigma^2, \sigma\tau, \sigma^3\tau\}$, $\{1, \sigma, \sigma^2, \sigma^3\}$, $\{1, \sigma^2, \tau, \sigma^2\tau\}$ 
order 8: G 


From this we construct the lattice of fields and intermediate fields. Since there are 
10 proper subgroups of G, from the fundamental theorem of Galois theory there are 10 
intermediate fields in L|Q, namely, the fixed fields Fix(L, H), where H is a proper subgroup 
of G. In the identification, the extension field corresponding to the whole group G is the 
ground field Q (recall that the lattice of fields is the inverted lattice of the subgroups), 
whereas the extension field corresponding to the identity is the whole field L. We now 
consider the other proper subgroups. Let σ, τ be as before. 

(1) Let $M_1 = \operatorname{Fix}(L, \{1, \tau\})$. Now, {1, τ} fixes $\mathbb{Q}(\sqrt[4]{2})$ elementwise, so that $\mathbb{Q}(\sqrt[4]{2}) \subset M_1$. 
Furthermore, $[L : M_1] = |\{1, \tau\}| = 2$, and also $[L : \mathbb{Q}(\sqrt[4]{2})] = 2$. Hence, $M_1 = \mathbb{Q}(\sqrt[4]{2})$. 

(2) Consider $M_2 = \operatorname{Fix}(L, \{1, \tau\sigma\})$. We have the following: 

$$\tau\sigma(\sqrt[4]{2}) = \tau(i\sqrt[4]{2}) = -i\sqrt[4]{2},$$
$$\tau\sigma(i\sqrt[4]{2}) = \tau(-\sqrt[4]{2}) = -\sqrt[4]{2},$$
$$\tau\sigma(-\sqrt[4]{2}) = \tau(-i\sqrt[4]{2}) = i\sqrt[4]{2},$$
$$\tau\sigma(-i\sqrt[4]{2}) = \tau(\sqrt[4]{2}) = \sqrt[4]{2}.$$

It follows that τσ fixes $(1 - i)\sqrt[4]{2}$, and hence $M_2 = \mathbb{Q}((1 - i)\sqrt[4]{2})$. 

(3) Consider $M_3 = \operatorname{Fix}(L, \{1, \tau\sigma^2\})$. The map $\tau\sigma^2$ interchanges $a_1$ and $a_3$ and fixes $a_2$ 
and $a_4$. Therefore, $M_3 = \mathbb{Q}(i\sqrt[4]{2})$. 


In an analogous manner, we can then consider the other 5 proper subgroups and corre- 
sponding intermediate fields. We get the following lattice of fields and subfields (each 
field is contained in the fields of the row above it that contain its generators, and each 
step between adjacent rows is an extension of degree 2): 

degree 8 over Q: $\mathbb{Q}(i, \sqrt[4]{2})$ 
degree 4 over Q: $\mathbb{Q}((1 - i)\sqrt[4]{2})$, $\mathbb{Q}((1 + i)\sqrt[4]{2})$, $\mathbb{Q}(i\sqrt[4]{2})$, $\mathbb{Q}(\sqrt[4]{2})$, $\mathbb{Q}(i, \sqrt{2})$ 
degree 2 over Q: $\mathbb{Q}(i\sqrt{2})$, $\mathbb{Q}(i)$, $\mathbb{Q}(\sqrt{2})$ 
degree 1: Q 

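The subgroup and field lattices of Example 16.5.4 can be checked mechanically. The following Python code is an added example written for this edition, not code from the book: it encodes each element of G by the images of $\sqrt[4]{2}$ (called r) and i, generates G from σ and τ, lists the subgroups of order 2 and 4 together with their normality, computes $[\operatorname{Fix}(L, H) : \mathbb{Q}]$ for each of them by linear algebra on the basis $r^j i^k$, and verifies that τσ fixes $(1 - i)\sqrt[4]{2}$. The function and constant names (compose, generate, subgroups, fixed_field_degree, lattice_summary) are ours.

```python
# Added example: the Galois group G = Aut(Q(r, i)|Q) of x^4 - 2, r = 2^(1/4), made explicit.
# An element of G is a pair (rho, eps) meaning r -> i^rho r and i -> eps i (eps = +1 or -1);
# sigma = (1, 1), tau = (0, -1).  L = Q(r, i) has the Q-basis r^j i^k, 0 <= j < 4, 0 <= k < 2.
from fractions import Fraction
from itertools import combinations

SIGMA, TAU, IDENT = (1, 1), (0, -1), (0, 1)
BASIS = [(j, k) for j in range(4) for k in range(2)]

def compose(a, b):
    """(a o b): apply b first, then a, so 'tau sigma' in the text is compose(TAU, SIGMA)."""
    rho_a, eps_a = a
    rho_b, eps_b = b
    # a(i^rho_b r) = (eps_a i)^rho_b * i^rho_a r; the factor eps_a^rho_b is -1 = i^2
    # exactly when eps_a = -1 and rho_b is odd.
    rho = (rho_a + rho_b + (2 if eps_a == -1 and rho_b % 2 else 0)) % 4
    return (rho, eps_a * eps_b)

def image_of_basis(aut, j, k):
    """aut(r^j i^k) = (i^rho r)^j (eps i)^k = sign * r^j i^k'; returns ((j, k'), sign)."""
    rho, eps = aut
    m = rho * j + k                       # total power of i
    sign = (eps ** k) * (-1 if m % 4 >= 2 else 1)
    return (j, m % 2), sign

def apply(aut, x):
    """Apply aut to x = {(j, k): Fraction}, an element of L written in the basis above."""
    out = {}
    for (j, k), c in x.items():
        b, s = image_of_basis(aut, j, k)
        out[b] = out.get(b, Fraction(0)) + s * c
    return {b: c for b, c in out.items() if c != 0}

def generate(gens):
    G, frontier = {IDENT}, [IDENT]
    while frontier:
        nxt = {compose(g, h) for g in frontier for h in gens} - G
        G |= nxt
        frontier = list(nxt)
    return sorted(G)

def order(g):
    n, p = 1, g
    while p != IDENT:
        p, n = compose(p, g), n + 1
    return n

def inverse(g):
    return next(h for h in generate([g]) if compose(h, g) == IDENT)

def subgroups(G, size):
    """Subgroups of the given order: subsets containing 1 that are closed under composition."""
    others = [g for g in G if g != IDENT]
    return [set(c) | {IDENT} for c in combinations(others, size - 1)
            if all(compose(a, b) in set(c) | {IDENT} for a in c for b in c)]

def is_normal(G, H):
    return all(compose(compose(g, h), inverse(g)) in H for g in G for h in H)

def rank(rows):
    """Rank over Q by Gaussian elimination."""
    rows, rnk = [list(r) for r in rows], 0
    for col in range(len(rows[0])):
        piv = next((r for r in range(rnk, len(rows)) if rows[r][col] != 0), None)
        if piv is None:
            continue
        rows[rnk], rows[piv] = rows[piv], rows[rnk]
        for r in range(len(rows)):
            if r != rnk and rows[r][col] != 0:
                f = rows[r][col] / rows[rnk][col]
                rows[r] = [a - f * b for a, b in zip(rows[r], rows[rnk])]
        rnk += 1
    return rnk

def fixed_field_degree(H):
    """[Fix(L, H) : Q] = 8 - rank of the stacked linear maps (h - id), h in H."""
    rows = []
    for h in H:
        for b in BASIS:
            img = apply(h, {b: Fraction(1)})
            img[b] = img.get(b, Fraction(0)) - 1
            rows.append([img.get(m, Fraction(0)) for m in BASIS])
    return 8 - rank(rows)

def lattice_summary():
    G = generate([SIGMA, TAU])
    h2, h4 = subgroups(G, 2), subgroups(G, 4)
    return {"order": len(G),
            "order_2": (len(h2), sum(is_normal(G, H) for H in h2)),   # (count, how many normal)
            "order_4": (len(h4), sum(is_normal(G, H) for H in h4)),
            "fixed_degrees_2": sorted(fixed_field_degree(H) for H in h2),
            "fixed_degrees_4": sorted(fixed_field_degree(H) for H in h4)}

# (1 - i) r from part (2) of the example: coordinate 1 at r^1 i^0 and -1 at r^1 i^1.
ONE_MINUS_I_TIMES_R = {(1, 0): Fraction(1), (1, 1): Fraction(-1)}

def tau_sigma_fixes_it():
    return apply(compose(TAU, SIGMA), ONE_MINUS_I_TIMES_R) == ONE_MINUS_I_TIMES_R
```

lattice_summary() reports order 8, five subgroups of order 2 of which one is normal, three normal subgroups of order 4, fixed fields of degree 4 for every subgroup of order 2 and of degree 2 for every subgroup of order 4, matching the two lattices above; order(SIGMA), order(TAU) and order(compose(SIGMA, TAU)) give 4, 2 and 2.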

16.6 The Primitive Element Theorem 


In this section, we describe finite separable field extensions as simple extensions. It fol- 
lows that a Galois extension is always a simple extension. 


Theorem 16.6.1 (Primitive element theorem). Let $L = K(\gamma_1, \ldots, \gamma_n)$, and suppose that 
each $\gamma_i$ is separable over K. Then there exists a $\gamma_0 \in L$ such that $L = K(\gamma_0)$. The element 
$\gamma_0$ is called a primitive element. 


Proof. Suppose first that K is a finite field. Then L is also a finite field, and therefore 
$L^* = \langle \gamma_0 \rangle$ is cyclic. Therefore, $L = K(\gamma_0)$, and the theorem is proved if K is a finite field. 
Now suppose that K is infinite. Inductively, it suffices to prove the theorem for n = 2. 
Hence, let α, β ∈ L be separable over K. We must show that there exists a γ ∈ L with 
K(α, β) = K(γ). 
Let $\bar{L}$ be the splitting field of the polynomial $m_\alpha(x) m_\beta(x)$ over L, where $m_\alpha(x)$, $m_\beta(x)$ 
are, respectively, the minimal polynomials of α, β over K. In $\bar{L}[x]$, we have the following: 

$$m_\alpha(x) = (x - \alpha_1)(x - \alpha_2) \cdots (x - \alpha_s) \quad \text{with } \alpha = \alpha_1,$$

$$m_\beta(x) = (x - \beta_1)(x - \beta_2) \cdots (x - \beta_t) \quad \text{with } \beta = \beta_1.$$

By assumption the $\alpha_i$ and the $\beta_j$ are, respectively, pairwise distinct. 
For each pair (i, j) with 1 ≤ i ≤ s, 2 ≤ j ≤ t, the equation 

$$\alpha_1 + z\beta_1 = \alpha_i + z\beta_j$$

has exactly one solution $z \in \bar{L}$, since $\beta_j - \beta_1 \neq 0$ if j ≥ 2. Since K is infinite, there exists a 
c ∈ K with 

$$\alpha_1 + c\beta_1 \neq \alpha_i + c\beta_j$$

for all i, j with 1 ≤ i ≤ s, 2 ≤ j ≤ t. With such a value c ∈ K, we define 

$$\gamma = \alpha + c\beta = \alpha_1 + c\beta_1.$$

We claim that K(α, β) = K(γ) holds. It suffices to show that β ∈ K(γ), for then α = 
γ - cβ ∈ K(γ). This implies that K(α, β) ⊂ K(γ), and since γ ∈ K(α, β), it follows that 
K(α, β) = K(γ). To show that β ∈ K(γ), we first define $f(x) = m_\alpha(\gamma - cx)$, and let $d(x) = 
\gcd(f(x), m_\beta(x))$. We may assume that d(x) is monic. We show that d(x) = x - β. Then 
β ∈ K(γ), since d(x) ∈ K(γ)[x]. 

Assume first that d(x) = 1. Then $\gcd(f(x), m_\beta(x)) = 1$, and f(x) and $m_\beta(x)$ are also 
relatively prime in $\bar{L}[x]$. This is a contradiction, since f(x) and $m_\beta(x)$ have the common 
zero $\beta \in \bar{L}$, and hence the common divisor x - β. 

Therefore, d(x) ≠ 1, so deg(d(x)) ≥ 1. 

The polynomial d(x) is a divisor of $m_\beta(x)$, and hence d(x) splits into linear factors 
of the form $x - \beta_j$, 1 ≤ j ≤ t, in $\bar{L}[x]$. The proof is completed if we can show that no linear 
factor of the form $x - \beta_j$ with 2 ≤ j ≤ t is a divisor of f(x). That is, we must show that 
$f(\beta_j) \neq 0$ in $\bar{L}$ if j ≥ 2. 

Now $f(\beta_j) = m_\alpha(\gamma - c\beta_j) = m_\alpha(\alpha_1 + c\beta_1 - c\beta_j)$. Suppose that $f(\beta_j) = 0$ for some j ≥ 2. 
This would imply that $\alpha_i = \alpha_1 + c\beta_1 - c\beta_j$ for some i; that is, $\alpha_1 + c\beta_1 = \alpha_i + c\beta_j$ for some j ≥ 2. This contradicts 
the choice of the value c. Therefore, $f(\beta_j) \neq 0$ if j ≥ 2, completing the proof. 


In the above theorem, it is sufficient to assume that n - 1 of $\gamma_1, \ldots, \gamma_n$ are separable 
over K. The proof is similar. We only need that the $\beta_1, \ldots, \beta_t$ are pairwise distinct, which holds if β is 
separable over K, to show that K(α, β) = K(γ) for some γ ∈ L. 

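The proof's choice of c is a finite search once the conjugates are known. The Python code below is an added illustration written for this edition, not code from the book: given the conjugates as floating-point complex numbers, it finds the smallest integer c ≥ 1 with $\alpha_1 + c\beta_1 \neq \alpha_i + c\beta_j$ for all i and all j ≥ 2, and then checks the key step of the proof, that $\beta_1$ is the only $\beta_j$ at which $f(x) = m_\alpha(\gamma - cx)$ vanishes. The sample inputs, α = √2 with β = √3 (the situation of Exercise 4 below) and with β = √3 − √2, are constructed for this example; the second one shows that c = 1 can fail (it gives γ = √3, which does not generate Q(√2, √3)) while c = 2 works. Function names are ours.

```python
# Added example: choosing the constant c from the proof of Theorem 16.6.1 numerically.
# alphas = conjugates of alpha (alpha_1 first), betas = conjugates of beta (beta_1 first),
# given as complex/float numbers.  The sample values below are constructed for this example.
import itertools

TOL = 1e-9

def choose_c(alphas, betas):
    """Smallest integer c >= 1 with alpha_1 + c beta_1 != alpha_i + c beta_j for all i, j >= 2."""
    a1, b1 = alphas[0], betas[0]
    for c in itertools.count(1):
        if all(abs((a1 + c * b1) - (ai + c * bj)) > TOL
               for ai in alphas for bj in betas[1:]):
            return c

def f_at(x, alphas, c, gamma):
    """f(x) = m_alpha(gamma - c x), with m_alpha(t) = prod (t - alpha_i)."""
    val = 1
    for ai in alphas:
        val *= (gamma - c * x) - ai
    return val

def common_zeros(alphas, betas, c):
    """1-based indices j with f(beta_j) = 0, i.e. the zeros shared by f and m_beta.
    The proof needs this list to be [1], so that gcd(f, m_beta) = x - beta."""
    gamma = alphas[0] + c * betas[0]
    return [j for j, bj in enumerate(betas, start=1)
            if abs(f_at(bj, alphas, c, gamma)) < TOL]

S2, S3 = 2 ** 0.5, 3 ** 0.5
ALPHAS = [S2, -S2]                                     # conjugates of sqrt(2)
BETAS_SQRT3 = [S3, -S3]                                # conjugates of sqrt(3)
BETAS_SQRT3_MINUS_SQRT2 = [S3 - S2, S3 + S2, -S3 - S2, -S3 + S2]   # conjugates of sqrt(3) - sqrt(2)

def demo():
    """For both constructed inputs: (c, gamma = alpha_1 + c beta_1, shared zero indices)."""
    results = {}
    for name, betas in (("sqrt3", BETAS_SQRT3), ("sqrt3-sqrt2", BETAS_SQRT3_MINUS_SQRT2)):
        c = choose_c(ALPHAS, betas)
        results[name] = (c, ALPHAS[0] + c * betas[0], common_zeros(ALPHAS, betas, c))
    return results
```

With c = 1 and β = √3 − √2, common_zeros returns [1, 2]: the polynomial f(x) = (√3 − x)² − 2 vanishes at both √3 − √2 and √3 + √2, so the gcd would have degree 2 and β could not be recovered from γ; choose_c skips that value and returns 2.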
If K is a perfect field, then every finite extension is separable. Therefore, we get the 
following corollary: 


Corollary 16.6.2. Let L|K be a finite extension with K a perfect field. Then L = K(γ) for 
some γ ∈ L. 


Corollary 16.6.3. Let L|K be a finite extension with K a perfect field. Then there exist only 
finitely many intermediate fields E with K ⊂ E ⊂ L. 


Proof. Since K is a perfect field, we have L = K(γ) for some γ ∈ L. Let $m_\gamma(x) \in K[x]$ 
be the minimal polynomial of γ over K, and let $\bar{L}$ be the splitting field of $m_\gamma(x)$ over K. 
Then $\bar{L}|K$ is a Galois extension; hence, there are only finitely many intermediate fields 
between K and $\bar{L}$. Therefore, there are also only finitely many fields between K and L. 


Suppose that L|K is algebraic. Then, in general, L = K(γ) for some γ ∈ L if and only 
if there exist only finitely many intermediate fields E with K ⊂ E ⊂ L. 
This condition on intermediate fields implies that L|K is finite if L|K is algebraic. 


Hence, we have proved this result, in the case that K is perfect. The general case is dis- 
cussed in the book of S. Lang [13]. 


16.7 Exercises 


1. Let $f(x) = x^4 - 8x^3 + 24x^2 - 32x + 14 \in \mathbb{Q}[x]$, and let v ∈ C be a zero of f. Let a := v(4 - v), 
and K a splitting field of f over Q. Show the following: 

(i) f is irreducible over Q, and f(x) = f(4 - x). 

(ii) There is exactly one automorphism σ of Q(v) with σ(v) = 4 - v. 

(iii) L := Q(a) is the fixed field of σ, and [L : Q] = 2. 

(iv) Determine the minimal polynomial of a over Q, and determine a. 

(v) [Q(v) : L] = 2; determine the minimal polynomial of v over L, and also deter- 
mine v and all other zeros of f(x). 

(vi) Determine the degree [K : Q]. 

(vii) Determine the structure of Aut(K|Q). 

2. Let L|K be a field extension and f ∈ K[x] a separable polynomial. Let Z be a splitting 
field of f over L and $Z_1$ a splitting field of f over K. Show that Aut(Z|L) is isomorphic 
to a subgroup of $\operatorname{Aut}(Z_1|K)$. 

3. Let L|K be a field extension and v ∈ L. Show that K(v + c) = K(v) for each element c ∈ K, 
and that K(cv) = K(v) for c ≠ 0. 

4. Let $v = \sqrt{2} + \sqrt{3}$ and let K = Q(v). Show that $\sqrt{2}$ and $\sqrt{3}$ can be expressed as Q-linear 
combinations of $1, v, v^2, v^3$. Conclude that $K = \mathbb{Q}(\sqrt{2}, \sqrt{3})$. 

5. Let L be the splitting field of x° − 5 over Q in C. Determine a primitive element t of 
L over Q. 


17 Applications of Galois Theory 


As we mentioned in Chapter 1, Galois theory was originally developed as part of the 
proof that polynomial equations of degree 5 or higher over the rationals cannot be 
solved by formulas in terms of radicals. In this chapter, we do this first and prove the in- 
solvability of the quintic polynomials by radicals. To do this, we must examine in detail 
what we call radical extensions. 

We then return to some geometric material we started in Chapter 6. There, using 
general field extensions, we proved the impossibility of certain geometric compass and 
straightedge constructions. Here, we use Galois theory to consider constructible n-gons. 

Finally, we will use Galois theory to present a proof of the fundamental theorem of 
algebra, which says, essentially, that the complex number field C is algebraically closed. 

In Chapter 17, we always assume that K is a field of characteristic 0; in particular, K 
is perfect. We remark that some parts of Sections 17.1-17.4 go through for finite fields of 
characteristic p > 3. 


17.1 Field Extensions by Radicals 


We would like to use Galois theory to prove the insolvability by radicals of polynomial 
equations of degree 5 or higher. To do this we must introduce extensions by radicals and 
solvability by radicals. 


Definition 17.1.1. Let L|K be a field extension. 

(1) Each zero of a polynomial $x^n - a \in K[x]$ in L is called a radical (over K). We denote 
it by $\sqrt[n]{a}$ (if a more detailed identification is not necessary). 

(2) L is called a simple extension of K by a radical if $L = K(\sqrt[n]{a})$ for some a ∈ K. 

(3) L is called an extension of K by radicals if there is a chain of fields 

$$K = L_0 \subset L_1 \subset \cdots \subset L_m = L$$

such that each $L_i$ is a simple extension of $L_{i-1}$ by a radical for each i = 1, ..., m. 
(4) Let f(x) ∈ K[x]. Then the equation f(x) = 0 is solvable by radicals, or just solvable, 
if the splitting field of f(x) over K is contained in an extension of K by radicals. 


In proving the insolvability of the quintic polynomial, we will look for necessary 
and sufficient conditions for the solvability of polynomial equations. Our main result 
will be that if f(x) ∈ K[x], then f(x) = 0 is solvable over K if and only if the Galois group of the 
splitting field of f(x) over K is a solvable group (see Chapter 11). 

In the remainder of this section, we assume that all fields have characteristic zero. 
The next theorem gives a characterization of simple extensions by radicals: 
Theorem 17.1.2. Let L|K be a field extension and n ∈ ℕ. Assume that the polynomial $x^n - 1$ 
splits into linear factors in K[x], so that K contains all the n-th roots of unity. 

Then $L = K(\sqrt[n]{a})$ for some a ∈ K if and only if L is a Galois extension over K and 
$\operatorname{Aut}(L|K) \cong \mathbb{Z}/m\mathbb{Z}$ for some m ∈ ℕ with m | n. 


Proof. The n-th roots of unity, that is, the zeros of the polynomial $x^n - 1 \in K[x]$, form a 
cyclic multiplicative group $F \subset K^*$ of order n, since each finite subgroup of the multi- 
plicative group $K^*$ of K is cyclic, and |F| = n. We call an n-th root of unity ω primitive if 
F = ⟨ω⟩. 

Now let $L = K(\sqrt[n]{a})$ with a ∈ K; that is, L = K(β) with $\beta^n = a \in K$. Let ω be a 
primitive n-th root of unity. With this β, the elements $\omega\beta, \omega^2\beta, \ldots, \omega^n\beta = \beta$ are zeros of 
$x^n - a$. Hence, the polynomial $x^n - a$ splits into linear factors over L; hence, L = K(β) is 
a splitting field of $x^n - a$ over K. It follows that L|K is a Galois extension. 

Let σ ∈ Aut(L|K). Then $\sigma(\beta) = \omega^\nu \beta$ for some 0 ≤ ν < n. The element $\omega^\nu$ is uniquely 
determined by σ, and we may write $\omega^\nu = \omega_\sigma$. 

Consider the map φ : Aut(L|K) → F given by $\sigma \mapsto \omega_\sigma$, where $\omega_\sigma$ is defined as above 
by $\sigma(\beta) = \omega_\sigma \beta$. If τ, σ ∈ Aut(L|K), then 

$$\sigma\tau(\beta) = \sigma(\omega_\tau)\,\sigma(\beta) = \omega_\tau \omega_\sigma \beta,$$

because $\omega_\tau \in K$. 

Therefore, φ(στ) = φ(σ)φ(τ); hence, φ is a homomorphism. The kernel ker(φ) con- 
tains all the K-automorphisms of L for which σ(β) = β. However, since L = K(β), it 
follows that ker(φ) contains only the identity. The Galois group Aut(L|K) is, therefore, 
isomorphic to a subgroup of F. Since F is cyclic of order n, we have that Aut(L|K) is 
cyclic of order m for some m | n, completing one direction of the theorem. 

Conversely, first suppose that L|K is a Galois extension with $\operatorname{Aut}(L|K) \cong \mathbb{Z}_n$, a cyclic 
group of order n. Let σ be a generator of Aut(L|K). This is equivalent to 

$$\operatorname{Aut}(L|K) = \{\sigma, \sigma^2, \ldots, \sigma^n = 1\}.$$

Let ω be a primitive n-th root of unity. Then, by assumption, ω ∈ K, σ(ω) = ω, and $F = 
\{\omega, \omega^2, \ldots, \omega^n = 1\}$. Furthermore, the pairwise distinct automorphisms $\sigma^\nu$, ν = 1, 2, ..., n, 
of L are linearly independent; that is, there exists an η ∈ L such that 

$$\omega * \eta = \sum_{\nu=1}^{n} \omega^\nu \sigma^\nu(\eta) \neq 0.$$

The element ω * η is called the Lagrange resolvent of ω by η. We fix such an element 
η ∈ L. Then we get, since σ(ω) = ω, 

$$\sigma(\omega * \eta) = \sum_{\nu=1}^{n} \omega^\nu \sigma^{\nu+1}(\eta) = \sum_{\nu=2}^{n+1} \omega^{\nu-1} \sigma^{\nu}(\eta) = \omega^{-1} \sum_{\nu=1}^{n} \omega^\nu \sigma^\nu(\eta) = \omega^{-1}(\omega * \eta),$$

where the term with ν = n + 1 equals the term with ν = 1 because $\sigma^{n+1} = \sigma$ and $\omega^n = 1$. 

Moreover, $\sigma^\mu(\omega * \eta) = \omega^{-\mu}(\omega * \eta)$, μ = 1, 2, ..., n. Hence, the only K-automorphism of L 
which fixes ω * η is the identity. Therefore, Aut(L|K(ω * η)) = {1}; hence, L = K(ω * η) 
by the fundamental theorem of Galois theory. 

Furthermore, 

$$\sigma\big((\omega * \eta)^n\big) = \big(\sigma(\omega * \eta)\big)^n = \big(\omega^{-1}(\omega * \eta)\big)^n = \omega^{-n}(\omega * \eta)^n = (\omega * \eta)^n.$$

Therefore, $(\omega * \eta)^n \in \operatorname{Fix}(L, \operatorname{Aut}(L|K)) = K$, again from the fundamental theorem of 
Galois theory. If $a = (\omega * \eta)^n \in K$, then first a ∈ K, and second $L = K(\sqrt[n]{a}) = K(\omega * \eta)$. 
This proves the result in the case where m = n. We now use this to prove it in general. 
Finally, suppose that L|K is a Galois extension with $\operatorname{Aut}(L|K) \cong \mathbb{Z}_m$, a cyclic group 
of order m, where n = qm for some q ≥ 1. Since m | n, K contains all the m-th roots of unity, 
and the above argument with m in place of n gives $L = K(\sqrt[m]{b})$ for some b ∈ K. Hence, 
L = K(β) with $\beta^m \in K$. Then certainly, $a = \beta^n = (\beta^m)^q \in K$; 
therefore, $L = K(\beta) = K(\sqrt[n]{a})$ for some a ∈ K, completing the general case. 


We next show that every extension by radicals is contained in a Galois extension by 
radicals. 


Theorem 17.1.3. Each extension L of K by radicals is contained in a Galois extension $\bar{L}$ of 
K by radicals. This means that there is an extension $\bar{L}$ of K by radicals with $L \subset \bar{L}$, and $\bar{L}|K$ 
is a Galois extension. 


Proof. We use induction on the degree m = [L : K]. Suppose that m = 1. If $L = K(\sqrt[n]{a})$, 
then if ω is a primitive n-th root of unity, define $\bar{K} = K(\omega)$ and $\bar{L} = \bar{K}(\sqrt[n]{a})$. We then get 
the chain $K \subset \bar{K} \subset \bar{L}$ with $L \subset \bar{L}$, and $\bar{L}|K$ is a Galois extension. This last statement is due 
to the fact that $\bar{L}$ is the splitting field of the polynomial $x^n - a \in K[x]$ over K. Hence, the 
theorem is true if m = 1. 

Now suppose that m ≥ 2, and suppose that the theorem is true for all extensions F 
of K by radicals with [F : K] < m. 

Since m ≥ 2, by the definition of extension by radicals, there exists a simple extension 
L|E by a radical. That is, there exists a field E with 

$$K \subset E \subset L, \qquad [L : E] \geq 2$$

and $L = E(\sqrt[n]{a})$ for some a ∈ E, n ∈ ℕ. Now [E : K] < m. Therefore, by the inductive 
hypothesis, there exists a Galois extension by radicals $\bar{E}$ of K with $E \subset \bar{E}$. 

Let $G = \operatorname{Aut}(\bar{E}|K)$ and $\bar{L}$ be the splitting field of the polynomial $f(x) = m_a(x^n) \in K[x]$ 
over $\bar{E}$, where $m_a(x)$ is the minimal polynomial of a over K. We show that $\bar{L}$ has the 
desired properties. 

Now $\sqrt[n]{a} \in \bar{L}$ is a zero of the polynomial f(x), and $E \subset \bar{E} \subset \bar{L}$. Therefore, $\bar{L}$ contains 
an E-isomorphic image of $L = E(\sqrt[n]{a})$; hence, we may consider $\bar{L}$ as an extension of L. 
Since $\bar{E}$ is a Galois extension of K, the polynomial f(x) may be factored as 

$$f(x) = (x^n - a_1) \cdots (x^n - a_s)$$

with $a_i \in \bar{E}$ for i = 1, ..., s. All zeros of f(x) in $\bar{L}$ are radicals over $\bar{E}$. Therefore, $\bar{L}$ is an 
extension by radicals of $\bar{E}$. Since $\bar{E}$ is also an extension by radicals of K, we obtain that 
$\bar{L}$ is an extension by radicals of K. 

Since $\bar{E}$ is a Galois extension of K, we have that $\bar{E}$ is a splitting field of a polynomial 
g(x) ∈ K[x]. Furthermore, $\bar{L}$ is a splitting field of f(x) ∈ K[x] over $\bar{E}$. Altogether then, we 
have that $\bar{L}$ is a splitting field of f(x)g(x) ∈ K[x] over K. Therefore, $\bar{L}$ is a Galois extension 
of K, completing the proof. 


We will eventually show that a polynomial equation is solvable by radicals if and 
only if the corresponding Galois group is a solvable group. We now begin to find condi- 
tions, where the Galois group is solvable. 


Lemma 17.1.4. Let $K = L_0 \subset L_1 \subset \cdots \subset L_r = L$ be a chain of fields such that the following 
hold: 

(i) L is a Galois extension of K. 

(ii) $L_j$ is a Galois extension of $L_{j-1}$ for j = 1, ..., r. 

(iii) $G_j = \operatorname{Aut}(L_j|L_{j-1})$ is Abelian for j = 1, ..., r. 


Then G = Aut(L|K) is solvable. 


Proof. We prove the lemma by induction on r. If r = 0, then G = {1}, and there is nothing 
to prove. Suppose then that r ≥ 1, and assume that the lemma holds for all such chains 
of fields with a length r' < r. Since $L_1|K$ is a Galois extension, $\operatorname{Aut}(L|L_1)$ is a normal 
subgroup of G by the fundamental theorem of Galois theory. Moreover, 

$$G_1 = \operatorname{Aut}(L_1|K) \cong G / \operatorname{Aut}(L|L_1).$$

Since $G_1$ is an Abelian group, it is solvable, and $\operatorname{Aut}(L|L_1)$ is solvable by the inductive 
hypothesis applied to the chain $L_1 \subset \cdots \subset L_r = L$ of length r - 1. 
Therefore, G is solvable (see Theorem 12.1.4). 


Lemma 17.1.5. Let L|K be a field extension. Let $\bar{K}$ and $\bar{L}$ be the splitting fields of the poly- 
nomial $x^n - 1 \in K[x]$ over K and L, respectively. Since K ⊂ L, we have $\bar{K} \subset \bar{L}$. Then the 
following hold: 

(1) If $\sigma \in \operatorname{Aut}(\bar{L}|L)$, then $\sigma|_{\bar{K}} \in \operatorname{Aut}(\bar{K}|K)$, and the map 

$$\operatorname{Aut}(\bar{L}|L) \to \operatorname{Aut}(\bar{K}|K), \quad \text{given by } \sigma \mapsto \sigma|_{\bar{K}},$$

is an injective homomorphism. 


(2) Suppose that in addition L|K is a Galois extension. Then $\bar{L}|K$ is also a Galois extension. 
If furthermore $\sigma \in \operatorname{Aut}(\bar{L}|\bar{K})$, then $\sigma|_L \in \operatorname{Aut}(L|K)$, and 

$$\operatorname{Aut}(\bar{L}|\bar{K}) \to \operatorname{Aut}(L|K), \quad \text{given by } \sigma \mapsto \sigma|_L,$$

is an injective homomorphism. 


Proof. (1) Let ω be a primitive n-th root of unity. Then $\bar{K} = K(\omega)$, and $\bar{L} = L(\omega)$. Each 
$\sigma \in \operatorname{Aut}(\bar{L}|L)$ maps ω onto a primitive n-th root of unity, and fixes K ⊂ L elementwise. 
Hence, from $\sigma \in \operatorname{Aut}(\bar{L}|L)$, we get that $\sigma|_{\bar{K}} \in \operatorname{Aut}(\bar{K}|K)$. Certainly, the map $\sigma \mapsto \sigma|_{\bar{K}}$ 
defines a homomorphism $\operatorname{Aut}(\bar{L}|L) \to \operatorname{Aut}(\bar{K}|K)$. Let $\sigma|_{\bar{K}} = 1$ with $\sigma \in \operatorname{Aut}(\bar{L}|L)$. Then 
σ(ω) = ω; therefore, we have already that σ = 1, since $\bar{L} = L(\omega)$. 

(2) If L is the splitting field of a polynomial g(x) over K, then $\bar{L}$ is the splitting field of 
$g(x)(x^n - 1)$ over K. Hence, $\bar{L}|K$ is a Galois extension. Therefore, $K \subset L \subset \bar{L}$, and $\bar{L}|K$, $\bar{L}|L$ 
and L|K are all Galois extensions. Therefore, from the fundamental theorem of Galois 
theory 

$$\operatorname{Aut}(L|K) = \{\sigma|_L : \sigma \in \operatorname{Aut}(\bar{L}|K)\}.$$

In particular, $\sigma|_L \in \operatorname{Aut}(L|K)$ if $\sigma \in \operatorname{Aut}(\bar{L}|\bar{K})$. Certainly, the map $\operatorname{Aut}(\bar{L}|\bar{K}) \to \operatorname{Aut}(L|K)$, 
given by $\sigma \mapsto \sigma|_L$, is a homomorphism. From $\sigma \in \operatorname{Aut}(\bar{L}|\bar{K})$, we get that σ(ω) = ω, 
where, as above, ω is a primitive n-th root of unity. Therefore, if $\sigma|_L = 1$, then already 
σ = 1, since $\bar{L} = L(\omega)$. Hence, the map is injective. 


17.2 Cyclotomic Extensions 


Very important in the solvability by radicals problem are the splitting fields of the poly- 
nomials $x^n - 1$ over Q. These are called cyclotomic fields. 


Definition 17.2.1. The splitting field of the polynomial $x^n - 1 \in \mathbb{Q}[x]$ with n ≥ 2 is called 
the n-th cyclotomic field, denoted by $k_n$. 


We have $k_n = \mathbb{Q}(\omega)$, where ω is a primitive n-th root of unity. For example, consider 
$\omega = e^{2\pi i/n}$ over Q. $k_n|\mathbb{Q}$ is a Galois extension, and the Galois group $\operatorname{Aut}(k_n|\mathbb{Q})$ is the set of 
automorphisms $\sigma_m : \omega \mapsto \omega^m$ with 1 ≤ m < n and gcd(m, n) = 1. 

To understand this group G, we need the following concept: A prime residue class 
modulo n is a residue class a + nℤ with gcd(a, n) = 1. The set of the prime residue classes 
modulo n is just the set of invertible elements with respect to multiplication of ℤ/nℤ. 
This forms a multiplicative group that we denote by $(\mathbb{Z}/n\mathbb{Z})^* = P_n$. We have $|P_n| = \varphi(n)$, 
where φ(n) is the Euler phi-function. If $G = \operatorname{Aut}(k_n|\mathbb{Q})$, then $G \cong P_n$ under the map 
$\sigma_m \mapsto m + n\mathbb{Z}$. If n = p is a prime number, then $G = \operatorname{Aut}(k_p|\mathbb{Q})$ is cyclic with |G| = p - 1. 

If $n = p^2$, then $|G| = |\operatorname{Aut}(k_{p^2}|\mathbb{Q})| = p(p - 1)$, since ω is a zero of 

$$\frac{x^{p^2} - 1}{x - 1} \Big/ \frac{x^p - 1}{x - 1} = \frac{x^{p^2} - 1}{x^p - 1} = x^{p(p-1)} + x^{p(p-2)} + \cdots + x^p + 1,$$

which has degree p(p - 1). 
Lemma 17.2.2. Let K be a field and $\bar{K}$ be the splitting field of $x^n - 1$ over K. Then $\operatorname{Aut}(\bar{K}|K)$ 
is Abelian. 


Proof. We apply Lemma 17.1.5 for the field extension K|Q. This can be done since the 
characteristic of K is zero, and Q is the prime field of K. It follows that $\operatorname{Aut}(\bar{K}|K)$ is iso- 
morphic to a subgroup of $\operatorname{Aut}(\bar{\mathbb{Q}}|\mathbb{Q})$ from part (1) of Lemma 17.1.5, where $\bar{\mathbb{Q}}$ denotes the 
splitting field of $x^n - 1$ over Q. But $\bar{\mathbb{Q}} = k_n$, and hence 
$\operatorname{Aut}(\bar{\mathbb{Q}}|\mathbb{Q})$ is Abelian. Therefore, $\operatorname{Aut}(\bar{K}|K)$ is Abelian. 

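Lemma 17.2.2 and the description of $\operatorname{Aut}(k_n|\mathbb{Q})$ above can be checked with the following Python code, an added example written for this edition rather than code from the book. It builds $P_n = (\mathbb{Z}/n\mathbb{Z})^*$, composes the automorphisms $\sigma_m$ by multiplying exponents modulo n (since $\sigma_m \sigma_k$ sends ω to $(\omega^k)^m = \omega^{mk}$), and tests whether the group is cyclic: n = 7 and n = 9 give cyclic groups of orders 6 = p − 1 and 6 = p(p − 1), while n = 8 gives an Abelian group of order 4 that is not cyclic. The function names are ours.

```python
# Added example: the prime residue class group P_n = (Z/nZ)^*, to which Aut(k_n|Q) is
# isomorphic via sigma_m -> m + nZ.  sigma_m o sigma_k = sigma_{mk mod n}, so the group
# law on the indices is multiplication modulo n.
from math import gcd

def prime_residues(n):
    """Representatives 1 <= m < n of the prime residue classes modulo n."""
    return [m for m in range(1, n) if gcd(m, n) == 1]

def phi(n):
    """Euler's phi-function, |P_n| = |Aut(k_n|Q)|."""
    return len(prime_residues(n))

def compose_sigma(m, k, n):
    """Index of sigma_m o sigma_k: omega -> omega^k -> omega^(mk)."""
    return (m * k) % n

def element_order(m, n):
    """Order of sigma_m in Aut(k_n|Q)."""
    k, x = 1, m % n
    while x != 1:
        x, k = compose_sigma(x, m, n), k + 1
    return k

def generators(n):
    """Those m for which sigma_m generates the whole Galois group."""
    return [m for m in prime_residues(n) if element_order(m, n) == phi(n)]

def is_cyclic(n):
    return len(generators(n)) > 0

def is_abelian(n):
    """Lemma 17.2.2 in this concrete case: composition of the sigma_m commutes."""
    P = prime_residues(n)
    return all(compose_sigma(a, b, n) == compose_sigma(b, a, n) for a in P for b in P)
```

For n = 7 the generators are m = 3 and m = 5; for n = 9 they are m = 2 and m = 5; for n = 8 every non-identity element has order 2, so the group is $\mathbb{Z}_2 \times \mathbb{Z}_2$.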

17.3 Solvability and Galois Extensions 


In this section, we prove that solvability by radicals is equivalent to the solvability of the 
Galois group. 


Theorem 17.3.1. Let L|K be a Galois extension of K by radicals. Then G = Aut(L|K) is a 
solvable group. 


Proof. Suppose that L|K is a Galois extension. Then we have a chain of fields 

$$K = L_0 \subset L_1 \subset \cdots \subset L_r = L$$

such that $L_j = L_{j-1}(\sqrt[n_j]{a_j})$ for some $a_j \in L_{j-1}$. Let $n = n_1 \cdots n_r$, and let $\bar{L}_j$ be the splitting field 
of the polynomial $x^n - 1 \in K[x]$ over $L_j$ for each j = 0, 1, ..., r. Then $\bar{L}_j = L_j(\omega)$ for a primitive 
n-th root of unity ω, and we get the chain 

$$K \subset \bar{K} = \bar{L}_0 \subset \bar{L}_1 \subset \cdots \subset \bar{L}_r = \bar{L}.$$

From part (2) of Lemma 17.1.5, we get that $\bar{L}|K$ is a Galois extension. Furthermore, 
$\bar{L}_j|\bar{L}_{j-1}$ is a Galois extension with $\operatorname{Aut}(\bar{L}_j|\bar{L}_{j-1})$ cyclic from Theorem 17.1.2. In particular, 
$\operatorname{Aut}(\bar{L}_j|\bar{L}_{j-1})$ is Abelian. The group $\operatorname{Aut}(\bar{K}|K)$ is Abelian from Lemma 17.2.2. Therefore, 
we may apply Lemma 17.1.4 to the chain 

$$K \subset \bar{K} = \bar{L}_0 \subset \cdots \subset \bar{L}_r = \bar{L}.$$

Therefore, $\bar{G} = \operatorname{Aut}(\bar{L}|K)$ is solvable. The group G = Aut(L|K) is a homomorphic im- 
age of $\bar{G}$ from the fundamental theorem of Galois theory. Since homomorphic images of 
solvable groups are still solvable (see Theorem 12.1.3), it follows that G is solvable. 


Lemma 17.3.2. Let L|K be a Galois extension, and suppose that G = Aut(L|K) is solv- 
able. Assume further that K contains all q-th roots of unity for each prime divisor q of 
m = [L : K]. Then L is an extension of K by radicals. 


Proof. Let L|K be a Galois extension, and suppose that G = Aut(L|K) is solvable; also 
assume that K contains all the q-th roots of unity for each prime divisor q of m = [L : K]. 
We prove the result by induction on m. 
If m = 1, then L = K, and the result is clear. Now suppose that m ≥ 2, and as- 
sume that the result holds for all Galois extensions L'|K' with [L' : K'] < m. Now 
G = Aut(L|K) is solvable, and G is nontrivial since m ≥ 2. Let q be a prime divisor of m. 
From Lemma 12.1.2 and Theorem 13.3.5, it follows that there is a normal subgroup H of 
G with G/H cyclic of order q. Let E = Fix(L, H). From the fundamental theorem of Galois 
theory, E|K is a Galois extension with Aut(E|K) ≅ G/H, and hence Aut(E|K) is cyclic of 
order q. From Theorem 17.1.2, E|K is a simple extension of K by a radical. The proof is 
completed if we can show that L is an extension of E by radicals. 

The extension L|E is a Galois extension, and the group Aut(L|E) is solvable, since it 
is a subgroup of G = Aut(L|K). Each prime divisor p of [L : E] is also a prime divisor of 
m = [L : K] by the degree formula. Hence, as an extension of K, the field E contains all 
the p-th roots of unity. Finally, 

$$[L : E] = \frac{[L : K]}{[E : K]} = \frac{m}{q} < m.$$

Therefore, L|E is an extension of E by radicals from the inductive assumption, complet- 
ing the proof. 


17.4 The Insolvability of the Quintic Polynomial 


We are now able to prove the insolvability of the quintic polynomial. This is one of the 
most important applications of Galois theory. As aforementioned, we do this by equating 
the solvability of a polynomial equation by radicals to the solvability of the Galois group 
of the splitting field of this polynomial. 


Theorem 17.4.1. Let K be a field of characteristic 0, and let f(x) ∈ K[x]. Suppose that L 
is the splitting field of f(x) over K. Then the polynomial equation f(x) = 0 is solvable by 
radicals if and only if Aut(L|K) is solvable. 


Proof. Suppose first that f(x) = 0 is solvable by radicals. Then L is contained in an ex- 
tension L' of K by radicals. Hence, L is contained in a Galois extension $\bar{L}$ of K by radicals 
from Theorem 17.1.3. The group $\bar{G} = \operatorname{Aut}(\bar{L}|K)$ is solvable from Theorem 17.3.1. Further- 
more, L|K is a Galois extension. Therefore, the Galois group Aut(L|K) is solvable, being a 
homomorphic image of $\bar{G}$ by the fundamental theorem of Galois theory. 

Conversely, suppose that the group Aut(L|K) is solvable. Let $q_1, \ldots, q_r$ be the prime 
divisors of m = [L : K], and let $n = q_1 \cdots q_r$. Let $\bar{K}$ and $\bar{L}$ be the splitting fields of the 
polynomial $x^n - 1 \in K[x]$ over K and L, respectively. We have $\bar{K} \subset \bar{L}$. From part (2) of 
Lemma 17.1.5, we have that $\bar{L}|\bar{K}$ is a Galois extension, and $\operatorname{Aut}(\bar{L}|\bar{K})$ is isomorphic to a 
subgroup of Aut(L|K). From this, we first obtain that $[\bar{L} : \bar{K}] = |\operatorname{Aut}(\bar{L}|\bar{K})|$ is a divisor of 
[L : K] = |Aut(L|K)|. Hence, each prime divisor q of $[\bar{L} : \bar{K}]$ is also a prime divisor of 
[L : K], so $\bar{K}$ contains the q-th roots of unity, and $\operatorname{Aut}(\bar{L}|\bar{K})$ is solvable as a subgroup of the 
solvable group Aut(L|K). Therefore, $\bar{L}$ is an extension by radicals of $\bar{K}$ by Lemma 17.3.2. Since $\bar{K} = K(\omega)$, 
where ω is a primitive n-th root of unity, we obtain that $\bar{L}$ is also an extension of K by 
radicals. Therefore, L is contained in an extension $\bar{L}$ of K by radicals; therefore, f(x) = 0 
is solvable by radicals. 


Corollary 17.4.2. Let K be a field of characteristic 0, and let f(x) ∈ K[x] be a polynomial 
of degree m with 1 ≤ m ≤ 4. Then the equation f(x) = 0 is solvable by radicals. 


Proof. Let L be the splitting field of f(x) over K. The Galois group Aut(L|K) is isomorphic 
to a subgroup of the symmetric group $S_m$. Now the group $S_4$ is solvable via the chain 

$$\{1\} \subset \mathbb{Z}_2 \subset D_2 \subset A_4 \subset S_4,$$

where $\mathbb{Z}_2$ is the cyclic group of order 2, and $D_2$ is the Klein 4-group, which is isomorphic 
to $\mathbb{Z}_2 \times \mathbb{Z}_2$. Because $S_m \subset S_4$ for 1 ≤ m ≤ 4, it follows that Aut(L|K) is solvable. From 
Theorem 17.4.1, the equation f(x) = 0 is solvable by radicals. 

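The chain in the proof of Corollary 17.4.2, and the contrast with degree 5 that this section is heading for, can be computed directly. The following Python code is an added example for this edition, not code from the book: it builds $S_n$ from a transposition and an n-cycle, computes the derived series $G \supset G' \supset G'' \supset \cdots$ by closing the set of commutators, and checks that $\{1\} \subset \mathbb{Z}_2 \subset D_2 \subset A_4 \subset S_4$ consists of normal steps of prime index. For n = 5 the derived series stops at $A_5$ (order 60) without reaching {1}, so $S_5$ is not solvable. Function names are ours.

```python
# Added example: solvability of S_4 versus S_5 via derived series, and the chain
# {1} < Z_2 < D_2 < A_4 < S_4 used in the proof of Corollary 17.4.2.
# Permutations of {0, ..., n-1} are tuples p with p[x] the image of x; (p o q)(x) = p[q[x]].

def compose(p, q):
    return tuple(p[q[i]] for i in range(len(p)))

def inverse(p):
    inv = [0] * len(p)
    for i, pi in enumerate(p):
        inv[pi] = i
    return tuple(inv)

def closure(gens, n):
    """The subgroup generated by gens (finite, so closure under products suffices)."""
    e = tuple(range(n))
    G, frontier = {e}, [e]
    while frontier:
        nxt = {compose(g, s) for g in frontier for s in gens} - G
        G |= nxt
        frontier = list(nxt)
    return G

def symmetric_group(n):
    transposition = (1, 0) + tuple(range(2, n))
    n_cycle = tuple(range(1, n)) + (0,)
    return closure([transposition, n_cycle], n)

def commutator_subgroup(G, n):
    """G' = subgroup generated by all a b a^-1 b^-1."""
    comms = {compose(compose(a, b), compose(inverse(a), inverse(b))) for a in G for b in G}
    return closure(list(comms), n)

def derived_series_orders(n):
    """Orders along S_n > S_n' > S_n'' > ... until the series stops shrinking."""
    G, orders = symmetric_group(n), []
    while True:
        orders.append(len(G))
        D = commutator_subgroup(G, n)
        if len(D) == len(G):
            return orders
        G = D

def is_solvable(n):
    """S_n is solvable iff its derived series reaches the trivial group."""
    return derived_series_orders(n)[-1] == 1

def is_normal_in(H, G):
    return all(compose(compose(g, h), inverse(g)) in H for g in G for h in H)

def chain_check():
    """(all steps normal?, indices [G_{i+1} : G_i]) for {1} < Z_2 < D_2 < A_4 < S_4."""
    e = (0, 1, 2, 3)
    z2 = {e, (1, 0, 3, 2)}                                        # generated by (0 1)(2 3)
    d2 = {e, (1, 0, 3, 2), (2, 3, 0, 1), (3, 2, 1, 0)}            # the Klein 4-group
    s4 = symmetric_group(4)
    a4 = commutator_subgroup(s4, 4)                               # S_4' = A_4
    chain = [{e}, z2, d2, a4, s4]
    normal = all(is_normal_in(chain[i], chain[i + 1]) for i in range(4))
    return normal, [len(chain[i + 1]) // len(chain[i]) for i in range(4)]
```

derived_series_orders(4) gives [24, 12, 4, 1] (the groups $S_4, A_4, D_2, \{1\}$), while derived_series_orders(5) gives [120, 60] because $A_5$ equals its own commutator subgroup; chain_check() returns (True, [2, 2, 3, 2]), each index prime, so every quotient in the chain is cyclic and in particular Abelian.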

Corollary 17.4.2 uses the general theory to show that any polynomial equation of 
degree less than or equal to 4 is solvable by radicals. This, however, does not provide 
explicit formulas for the solutions. We present these below: 

Let K be a field of characteristic 0, and let f(x) ∈ K[x] be a polynomial of degree 
m with 1 ≤ m ≤ 4. As mentioned above, we assume that K is the splitting field of the 
respective polynomial. 

Case (1): If deg(f(x)) = 1, then f(x) = ax + b with a, b ∈ K and a ≠ 0. A zero is then 
given by k = -b/a. 

Case (2): If deg(f(x)) = 2, then $f(x) = ax^2 + bx + c$ with a, b, c ∈ K and a ≠ 0. The 
zeros are then given by the quadratic formula 

$$k = \frac{-b \pm \sqrt{b^2 - 4ac}}{2a}.$$

We note that the quadratic formula holds over any field of characteristic not equal to 2. 
Whether there is a solution within the field K then depends on whether $b^2 - 4ac$ has a 
square root within K. 

For the cases of degrees 3 and 4, we have the general forms of what are known as 
Cardano's formulas. 

Case (3): If deg(f(x)) = 3, then $f(x) = ax^3 + bx^2 + cx + d$ with a, b, c, d ∈ K and a ≠ 0. 
Dividing through by a, we may assume, without loss of generality, that a = 1. 

By the substitution x = y - b/3 the polynomial is transformed into 

$$g(y) = y^3 + py + q \in K[y].$$

Let L be the splitting field of g(y) over K, and let α ∈ L be a zero of g(y) so that 

$$\alpha^3 + p\alpha + q = 0.$$

If p = 0, then $\alpha = \sqrt[3]{-q}$, so that g(y) has the three zeros 

$$\sqrt[3]{-q},\quad \omega\sqrt[3]{-q},\quad \omega^2\sqrt[3]{-q},$$

where ω is a primitive third root of unity, $\omega^3 = 1$ with ω ≠ 1. 
Now let p ≠ 0, and let β be a zero of $x^2 - \alpha x - \frac{p}{3}$ in a suitable extension L' of L. 
We have β ≠ 0, since p ≠ 0. Hence, $\alpha = \beta - \frac{p}{3\beta}$. Putting this into the transformed cubic 
equation 

$$\alpha^3 + p\alpha + q = 0,$$

we get 

$$\beta^3 - \frac{p^3}{27\beta^3} + q = 0.$$

Define $\gamma = \beta^3$ and $\delta = \left(-\frac{p}{3\beta}\right)^3$, so that 

$$\gamma + \delta + q = 0.$$

Then 

$$\gamma\delta = -\left(\frac{p}{3}\right)^3, \qquad \gamma^2 + q\gamma - \left(\frac{p}{3}\right)^3 = 0 \qquad \text{and} \qquad \delta^2 + q\delta - \left(\frac{p}{3}\right)^3 = 0.$$

Hence, the zeros of the polynomial $x^2 + qx - \left(\frac{p}{3}\right)^3$ are 

$$\gamma, \delta = -\frac{q}{2} \pm \sqrt{\left(\frac{q}{2}\right)^2 + \left(\frac{p}{3}\right)^3}.$$

If we have γ = δ, then both are equal to $-\frac{q}{2}$, and 

$$\left(\frac{q}{2}\right)^2 = -\left(\frac{p}{3}\right)^3.$$

Then from the definitions of γ, δ, we have $\gamma = \beta^3$ and $\delta = \left(-\frac{p}{3\beta}\right)^3$. From above, $\alpha = \beta - \frac{p}{3\beta}$. 
Therefore, we get α by finding the cube roots of γ and δ. 

There are certain possibilities and combinations with these cube roots, but because 
of the conditions, the cube roots of γ and δ are not independent. We must satisfy the 
condition 

$$\sqrt[3]{\gamma} \cdot \sqrt[3]{\delta} = \beta \cdot \left(-\frac{p}{3\beta}\right) = -\frac{p}{3}.$$

Therefore, we get the final result: 
The zeros of $g(y) = y^3 + py + q$ with p ≠ 0 are 

$$u + v,\quad \omega u + \omega^2 v,\quad \omega^2 u + \omega v,$$

where ω is a primitive third root of unity, and 

$$u = \sqrt[3]{-\frac{q}{2} + \sqrt{\left(\frac{q}{2}\right)^2 + \left(\frac{p}{3}\right)^3}}, \qquad v = \sqrt[3]{-\frac{q}{2} - \sqrt{\left(\frac{q}{2}\right)^2 + \left(\frac{p}{3}\right)^3}},$$

with the cube roots chosen so that $uv = -\frac{p}{3}$. 

The above is known as the cubic formula, or Cardano's formula. 

Case (4): If $\deg(f(x)) = 4$, then $f(x) = ax^4 + bx^3 + cx^2 + dx + e$ with $a, b, c, d, e \in K$ and 
$a \ne 0$. Dividing through by a, we may assume without loss of generality that a = 1. 

By the substitution $x = y - \frac{b}{4}$ the polynomial f(x) is transformed into 

$$g(y) = y^4 + py^2 + qy + r.$$

We have to find the zeros of g(y). Let $x_1, x_2, x_3, x_4$ be the solutions in the splitting field of 
the polynomial 

$$y^4 + py^2 + qy + r = 0.$$

Then 

$$y^4 + py^2 + qy + r = (y - x_1)(y - x_2)(y - x_3)(y - x_4).$$

If we compare the coefficients, we get the following: 

$$\begin{aligned}
0 &= x_1 + x_2 + x_3 + x_4, \\
p &= x_1x_2 + x_1x_3 + x_1x_4 + x_2x_3 + x_2x_4 + x_3x_4, \\
-q &= x_1x_2x_3 + x_1x_2x_4 + x_1x_3x_4 + x_2x_3x_4, \\
r &= x_1x_2x_3x_4.
\end{aligned}$$

We define 

$$\begin{aligned}
y_1 &= (x_1 + x_2)(x_3 + x_4), \\
y_2 &= (x_1 + x_3)(x_2 + x_4), \\
y_3 &= (x_1 + x_4)(x_2 + x_3).
\end{aligned}$$

From $x_1 + x_2 + x_3 + x_4 = 0$, we get 

$$\begin{aligned}
y_1 &= -(x_1 + x_2)^2 = -(x_3 + x_4)^2, \quad\text{because } x_1 + x_2 = -(x_3 + x_4), \\
y_2 &= -(x_1 + x_3)^2 = -(x_2 + x_4)^2, \quad\text{because } x_1 + x_3 = -(x_2 + x_4), \\
y_3 &= -(x_1 + x_4)^2 = -(x_2 + x_3)^2, \quad\text{because } x_1 + x_4 = -(x_2 + x_3).
\end{aligned}$$

Let $y^3 + fy^2 + gy + h = 0$ be the cubic equation with the solutions $y_1, y_2$, and $y_3$. This 
polynomial $y^3 + fy^2 + gy + h$ is called the cubic resolvent of the equation of degree four. 
If we compare the coefficients, we get the following: 

$$\begin{aligned}
f &= -y_1 - y_2 - y_3, \\
g &= y_1y_2 + y_1y_3 + y_2y_3, \\
h &= -y_1y_2y_3.
\end{aligned}$$

Direct calculation leads to 

$$f = -2p, \qquad g = p^2 - 4r, \qquad h = q^2.$$

Hence, the equation 

$$y^3 - 2py^2 + (p^2 - 4r)y + q^2 = 0$$

is the resolvent of $y^4 + py^2 + qy + r = 0$. We now calculate the solutions $y_1, y_2, y_3$ of 
$y^3 - 2py^2 + (p^2 - 4r)y + q^2 = 0$ using Cardano's formula. 
Then we substitute backwards, and get the following: 

$$\begin{aligned}
x_1 + x_2 &= -(x_3 + x_4) = \pm\sqrt{-y_1}, \\
x_1 + x_3 &= -(x_2 + x_4) = \pm\sqrt{-y_2}, \\
x_1 + x_4 &= -(x_2 + x_3) = \pm\sqrt{-y_3}.
\end{aligned}$$

We add these equations, and get 

$$3x_1 + x_2 + x_3 + x_4 = 2x_1 = \pm\sqrt{-y_1} \pm \sqrt{-y_2} \pm \sqrt{-y_3} \;\Longrightarrow\; x_1 = \frac{\pm\sqrt{-y_1} \pm \sqrt{-y_2} \pm \sqrt{-y_3}}{2}.$$

The formulas for $x_2, x_3$, and $x_4$ follow analogously, and are of the same type as that for $x_1$. 

By variation of the signs we get eight numbers $\pm x_1, \pm x_2, \pm x_3$ and $\pm x_4$. Four of them 
are the solutions of the equation 

$$y^4 + py^2 + qy + r = 0.$$

The correct ones we get by putting into the equation. They are as follows: 

$$\begin{aligned}
x_1 &= \tfrac{1}{2}\left(\sqrt{-y_1} + \sqrt{-y_2} + \sqrt{-y_3}\right), \\
x_2 &= \tfrac{1}{2}\left(\sqrt{-y_1} - \sqrt{-y_2} - \sqrt{-y_3}\right), \\
x_3 &= \tfrac{1}{2}\left(-\sqrt{-y_1} + \sqrt{-y_2} - \sqrt{-y_3}\right), \\
x_4 &= \tfrac{1}{2}\left(-\sqrt{-y_1} - \sqrt{-y_2} + \sqrt{-y_3}\right).
\end{aligned}$$
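To see the formulas of Cases (3) and (4) at work, here is an added Python example; it is not code from the book. It implements Cardano's formula for $y^3 + py + q$ with the pairing condition $uv = -p/3$ for the cube roots, reduces a general cubic by $x = y - b/3$, and solves a quartic through the cubic resolvent $y^3 - 2py^2 + (p^2 - 4r)y + q^2$, picking the correct sign combination for the $\sqrt{-y_k}$ by substitution into the equation, as the text prescribes. The function names and the floating-point treatment over $\mathbb{C}$ are my choices; the sample polynomials are constructed so that the zeros are known.

```python
import cmath
from itertools import product

OMEGA = complex(-0.5, 3 ** 0.5 / 2)   # a primitive third root of unity, omega^3 = 1


def cube_roots(z):
    """The three complex cube roots of z: the principal one times 1, omega, omega^2."""
    if z == 0:
        return [0j, 0j, 0j]
    r = cmath.exp(cmath.log(z) / 3)
    return [r, r * OMEGA, r * OMEGA ** 2]


def depressed_cubic_roots(p, q):
    """Zeros of y^3 + p y + q (Cardano).  gamma, delta are the zeros of
    z^2 + q z - (p/3)^3; u, v are cube roots of them, paired so that u v = -p/3."""
    p, q = complex(p), complex(q)
    if p == 0:
        return cube_roots(-q)
    root = cmath.sqrt((q / 2) ** 2 + (p / 3) ** 3)
    gamma, delta = -q / 2 + root, -q / 2 - root
    # the cube roots are not independent: take the pair whose product is -p/3
    u, v = min(((u, v) for u in cube_roots(gamma) for v in cube_roots(delta)),
               key=lambda uv: abs(uv[0] * uv[1] + p / 3))
    return [u + v, OMEGA * u + OMEGA ** 2 * v, OMEGA ** 2 * u + OMEGA * v]


def cubic_roots(a, b, c, d):
    """Zeros of a x^3 + b x^2 + c x + d, a != 0, via x = y - b/3 after dividing by a."""
    b, c, d = b / a, c / a, d / a
    p = c - b * b / 3
    q = 2 * b ** 3 / 27 - b * c / 3 + d
    return [y - b / 3 for y in depressed_cubic_roots(p, q)]


def depressed_quartic_roots(p, q, r):
    """Zeros of y^4 + p y^2 + q y + r through the cubic resolvent
    y^3 - 2p y^2 + (p^2 - 4r) y + q^2 = 0 with zeros y1, y2, y3."""
    p, q, r = complex(p), complex(q), complex(r)
    s1, s2, s3 = (cmath.sqrt(-y) for y in cubic_roots(1, -2 * p, p * p - 4 * r, q * q))

    def g(y):
        return y ** 4 + p * y * y + q * y + r

    # Varying the signs of sqrt(-y_k) gives eight candidates; the four zeros are the
    # combination that satisfies the equation ("putting into the equation").
    best = None
    for e1, e2, e3 in product((1, -1), repeat=3):
        t1, t2, t3 = e1 * s1, e2 * s2, e3 * s3
        cand = [(t1 + t2 + t3) / 2, (t1 - t2 - t3) / 2,
                (-t1 + t2 - t3) / 2, (-t1 - t2 + t3) / 2]
        err = sum(abs(g(z)) for z in cand)
        if best is None or err < best[0]:
            best = (err, cand)
    return best[1]


def quartic_roots(a, b, c, d, e):
    """Zeros of a x^4 + b x^3 + c x^2 + d x + e, a != 0, via x = y - b/4 after dividing by a."""
    b, c, d, e = b / a, c / a, d / a, e / a
    s = b / 4
    p = c - 6 * s ** 2
    q = d - 2 * c * s + 8 * s ** 3
    r = e - d * s + c * s ** 2 - 3 * s ** 4
    return [y - s for y in depressed_quartic_roots(p, q, r)]


def real_parts(roots, digits=6):
    """Sorted, rounded real parts; convenient when all zeros are known to be real."""
    return sorted(round(z.real, digits) for z in roots)


if __name__ == "__main__":
    # constructed checks: (x-1)(x-2)(x-3) and (x-1)(x-2)(x-3)(x-4)
    print(real_parts(cubic_roots(1, -6, 11, -6)))          # [1.0, 2.0, 3.0]
    print(real_parts(quartic_roots(1, -10, 35, -50, 24)))  # [1.0, 2.0, 3.0, 4.0]
```

The pairing step is the point of the condition $uv = -p/3$: taking the cube roots of $\gamma$ and $\delta$ independently would give nine sums $u + v$, of which only three are zeros of $g(y)$.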


The following theorem is due to Abel; it shows the insolvability of the general de- 
gree 5 polynomial over the rationals Q. 


Theorem 17.4.3. Let L be the splitting field of the polynomial $f(x) = x^5 - 2x^4 + 2 \in \mathbb{Q}[x]$ 
over $\mathbb{Q}$. Then $\mathrm{Aut}(L|\mathbb{Q}) = S_5$, the symmetric group on 5 letters. Since $S_5$ is not solvable, the 
equation f(x) = 0 is not solvable by radicals. 


Proof. The polynomial f(x) is irreducible over $\mathbb{Q}$ by the Eisenstein criterion. Furthermore, 
f(x) has five zeros in the complex numbers $\mathbb{C}$ by the fundamental theorem of algebra 
(see Section 17.6). We claim that f(x) has exactly 3 real zeros and 2 nonreal zeros, 
which then necessarily are complex conjugates. In particular, the 5 zeros are pairwise 
distinct. 

To see the claim, notice first that f(x) has at least 3 real zeros from the intermediate 
value theorem. As a real function, f(x) is continuous, $f(-1) = -1 < 0$, $f(0) = 2 > 0$, so 
it must have a real zero between $-1$ and 0. Furthermore, we have $f(\tfrac{3}{2}) = -\tfrac{17}{32} < 0$ and 
$f(2) = 2 > 0$. Hence, there must be distinct real zeros between 0 and $\tfrac{3}{2}$, and between $\tfrac{3}{2}$ 
and 2. Suppose that f(x) has more than 3 real zeros. Then $f'(x) = 5x^4 - 8x^3 = x^3(5x - 8)$ has at least 3 
pairwise distinct real zeros from Rolle's theorem. But $f'(x)$ clearly has only 2 real zeros, 
so this is not the case. Therefore, f(x) has exactly 3 real zeros, and hence 2 nonreal zeros 
that are complex conjugates. 

Let L be the splitting field of f(x). The field L lies in $\mathbb{C}$, and the restriction of the map 
$\sigma : z \mapsto \bar{z}$ of $\mathbb{C}$ to L maps the set of zeros of f(x) onto itself. Therefore, $\sigma$ is an 
automorphism of L. The map $\sigma$ fixes the 3 real zeros and transposes the 2 nonreal zeros. 
From this, we now show that $\mathrm{Aut}(L|\mathbb{Q}) = \mathrm{Aut}\,L = G = S_5$, the full symmetric group on 5 
symbols. Clearly, $G \subset S_5$, since G acts as a permutation group on the 5 zeros of f(x). 

Since $\sigma$ transposes the 2 nonreal zeros, G (as a permutation group) contains at least 
one transposition. Since f(x) is irreducible, G acts transitively on the zeros of f(x). Let 
$x_0$ be one of the zeros of f(x), and let $G_{x_0}$ be the stabilizer of $x_0$. 

Since G acts transitively, $x_0$ has five images under G; therefore, the index of the 
stabilizer must be 5 (see Chapter 10): 

$$5 = [G : G_{x_0}],$$

which, by Lagrange's theorem, must divide the order of G. Therefore, from the Sylow 
theorems, G contains an element of order 5. Hence, G contains a 5-cycle and a transposition; 
therefore, by Theorem 11.4.3, it follows that $G = S_5$. Since $S_5$ is not solvable, it 
follows that f(x) cannot be solved by radicals. 


Since Abel’s theorem shows that there exists a degree 5 polynomial that cannot be 
solved by radicals, it follows that there can be no formula like Cardano’s formula in 
terms of radicals for degree 5. 


Corollary 17.4.4. There is no general formula for solving by radicals a fifth degree poly- 
nomial over the rationals. 


We now show that this result can be further extended to any degree greater than 5. 


Theorem 17.4.5. For each n > 5, there exist polynomials f(x) € Q[x] of degree n, for 
which the equation f(x) = 0 is not solvable by radicals. 


Proof. Let $f(x) = x^{n-5}(x^5 - 2x^4 + 2)$, and let L be the splitting field of f(x) over $\mathbb{Q}$. Then 
$\mathrm{Aut}(L|\mathbb{Q}) = \mathrm{Aut}(L)$ contains a subgroup that is isomorphic to $S_5$. It follows that Aut(L) is 
not solvable; therefore, the equation f(x) = 0 is not solvable by radicals. 


This immediately implies the following: 


Corollary 17.4.6. There is no general formula for solving by radicals polynomial equa- 
tions over the rationals of degree 5 or greater. 


17.5 Constructibility of Regular n-Gons 


In Chapter 6, we considered certain geometric material related to field extensions. 
There, using general field extensions, we proved the impossibility of certain geometric 
compass and straightedge constructions. In particular, there were four famous insolv- 
able (to the Greeks) construction problems. The first is the squaring of the circle. This 
problem is, given a circle, to construct using straightedge and compass a square having 
an area equal to that of the given circle. The second is the doubling of the cube. This 
problem is, given a cube of given side length, to construct, using a straightedge and 
compass, a side of a cube having double the volume of the original cube. The third 
problem is the trisection of an angle. This problem is to trisect a given angle using only a 
straightedge and compass. The final problem is the construction of a regular n-gon. This 
problem asks which regular n-gons can be constructed using only straightedge and 
compass. In Chapter 6, we proved the impossibility of the first 3 problems. Here, we use 
Galois theory to consider constructible n-gons. 
Recall that a Fermat number is a positive integer of the form 

$$F_n = 2^{2^n} + 1, \qquad n = 0, 1, 2, 3, \ldots$$

If a particular $F_n$ is prime, it is called a Fermat prime. 
Fermat believed that all the numbers in this sequence were primes. In fact, 
$F_0, F_1, F_2, F_3, F_4$ are all prime, but $F_5$ is composite and divisible by 641 (see exercises). It is still 
an open question whether or not there are infinitely many Fermat primes. It has been 
conjectured that there are only finitely many. On the other hand, if a number of the form 
$2^n + 1$ is a prime for some integer n, then it must be a Fermat prime; that is, n must be a 
power of 2. 

We first need the following: 


Theorem 17.5.1. Let $p = 2^n + 1$, $n = 2^s$ with $s \ge 0$, be a Fermat prime. Then there exists a 
chain of fields 

$$\mathbb{Q} = L_0 \subset L_1 \subset \cdots \subset L_n = k_p,$$

where $k_p$ is the p-th cyclotomic field, such that 

$$[L_j : L_{j-1}] = 2$$

for $j = 1, \ldots, n$. 


Proof. The extension $k_p|\mathbb{Q}$ is a Galois extension, and $[k_p : \mathbb{Q}] = p - 1$. Furthermore, 
$\mathrm{Aut}(k_p)$ is cyclic of order $p - 1 = 2^n$. Hence, there is a chain of subgroups 

$$\{1\} = U_n \subset U_{n-1} \subset \cdots \subset U_0 = \mathrm{Aut}(k_p)$$

with $[U_{j-1} : U_j] = 2$ for $j = 1, \ldots, n$. From the fundamental theorem of Galois theory, the 
fields $L_j = \mathrm{Fix}(k_p, U_j)$ with $j = 0, \ldots, n$ have the desired properties. 


The following corollaries describe completely the constructible n-gons, tying them 
to Fermat primes. 


Corollary 17.5.2. Consider the numbers 0, 1, that is, a unit line segment or a unit circle. 
A regular p-gon with $p \ge 3$ prime is constructible from {0, 1} using a straightedge and 
compass if and only if $p = 2^{2^s} + 1$, $s \ge 0$, is a Fermat prime. 


Proof. From Theorem 6.3.13, we have that if a regular p-gon is constructible with a 
straightedge and compass, then p must be a Fermat prime. The sufficiency follows from 
Theorem 17.5.1. 


We now extend this to general n-gons. Let $m, n \in \mathbb{N}$. Assume that we may construct 
from {0, 1} a regular n-gon and a regular m-gon. In particular, this means that we may 
construct the real numbers $\cos(\frac{2\pi}{n})$, $\sin(\frac{2\pi}{n})$, $\cos(\frac{2\pi}{m})$, and $\sin(\frac{2\pi}{m})$. If $\gcd(m, n) = 1$, 
then we may construct from {0, 1} a regular mn-gon. 

To see this, notice that 

$$\cos\left(\frac{2\pi}{n} + \frac{2\pi}{m}\right) = \cos\left(\frac{2\pi(n+m)}{nm}\right) = \cos\left(\frac{2\pi}{n}\right)\cos\left(\frac{2\pi}{m}\right) - \sin\left(\frac{2\pi}{n}\right)\sin\left(\frac{2\pi}{m}\right)$$

and 

$$\sin\left(\frac{2\pi}{n} + \frac{2\pi}{m}\right) = \sin\left(\frac{2\pi(n+m)}{nm}\right) = \sin\left(\frac{2\pi}{n}\right)\cos\left(\frac{2\pi}{m}\right) + \cos\left(\frac{2\pi}{n}\right)\sin\left(\frac{2\pi}{m}\right).$$

Therefore, we may construct from {0, 1} the numbers $\cos(\frac{2\pi}{mn})$ and $\sin(\frac{2\pi}{mn})$, because 
$\gcd(n + m, mn) = 1$. Therefore, we may construct from {0, 1} a regular mn-gon. 
Now let $p \ge 3$ be a prime. Then $[k_{p^2} : \mathbb{Q}] = p(p - 1)$, which is not a power of 2. 
Therefore, from {0, 1} it is not possible to construct a regular $p^2$-gon. Hence, altogether 
we have the following: 


Corollary 17.5.3. Consider the numbers 0, 1, that is, a unit line segment or a unit circle. 
A regular n-gon with $n \in \mathbb{N}$ is constructible from {0, 1} using a straightedge and compass 
if and only if 

(i) $n = 2^m$, $m \ge 0$, or 

(ii) $n = 2^m p_1 p_2 \cdots p_r$, $m \ge 0$, and the $p_i$ are pairwise distinct Fermat primes. 


Proof. Certainly we may construct a $2^m$-gon. Furthermore, if $r, s \in \mathbb{N}$ with $\gcd(r, s) = 1$, 
and if we can construct a regular rs-gon, then clearly, we may construct a regular r-gon 
and a regular s-gon. 
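The criterion of Corollary 17.5.3, together with the Fermat-number facts of this section (and of Exercise 12), as an added Python example that is not part of the book: the test factors the odd part of n and requires every prime factor to occur exactly once and to be a Fermat prime, that is, a prime p with $p - 1$ a power of 2 (by the remark above, the exponent is then itself a power of 2). The function names and the trial-division primality test are my choices; trial division is sufficient here because the smallest factor 641 of $F_5$ is found early.

```python
def fermat_number(n):
    """F_n = 2^(2^n) + 1."""
    return 2 ** (2 ** n) + 1


def is_prime(n):
    """Trial division; adequate for F_0, ..., F_5 (641 | F_5 is found quickly)."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def is_fermat_prime(p):
    """p is a Fermat prime iff p is prime and p - 1 is a power of 2."""
    return p > 2 and (p - 1) & (p - 2) == 0 and is_prime(p)


def odd_part_factorization(n):
    """Prime factors of the odd part of n with their multiplicities, as a dict."""
    while n % 2 == 0:
        n //= 2
    factors = {}
    p = 3
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 2
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def is_constructible(n):
    """Corollary 17.5.3: a regular n-gon is constructible with straightedge and compass
    iff n = 2^m p_1 ... p_r with pairwise distinct Fermat primes p_i (r = 0 allowed)."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    return all(mult == 1 and is_fermat_prime(p)
               for p, mult in odd_part_factorization(n).items())


def constructible_up_to(limit):
    """All n with 3 <= n <= limit for which the regular n-gon is constructible."""
    return [n for n in range(3, limit + 1) if is_constructible(n)]


if __name__ == "__main__":
    print([is_prime(fermat_number(k)) for k in range(6)])  # F_0..F_4 prime, F_5 not
    print(fermat_number(5) % 641)                          # 0
    print(constructible_up_to(30))
```

Note that a repeated Fermat prime is rejected: for $n = 9 = 3^2$ the degree $[k_9 : \mathbb{Q}] = 3 \cdot 2 = 6$ is not a power of 2, exactly the $p^2$ argument given above.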


17.6 The Fundamental Theorem of Algebra 


In this section we present a Galois-theoretic proof of the fundamental theorem of algebra, 
which we first studied in Section 7.3. 


Theorem 17.6.1. Each nonconstant polynomial f(x) € C[x], where C is the field of com- 
plex numbers, has a zero in C. Therefore, C is an algebraically closed field. 


Proof: Let f(x) € C[x] be a nonconstant polynomial, and let K be the splitting field of 
f(x) over C. Since the characteristic of the complex numbers C is zero, this will be a 
Galois extension of C. Since C is a finite extension of R, this field K would also be a 
Galois extension of R. The fundamental theorem of algebra asserts that K must be C 
itself, and hence the fundamental theorem of algebra is equivalent to the fact that any 
nontrivial Galois extension of C must be C. 

Let K be any finite extension of $\mathbb{R}$ with $|K : \mathbb{R}| = 2^m q$, $(2, q) = 1$. If m = 0, then K is 
an odd-degree extension of $\mathbb{R}$. Since K is separable over $\mathbb{R}$, from the primitive element 
theorem, it is a simple extension, and hence $K = \mathbb{R}(a)$, where the minimal polynomial 
$m_a(x)$ over $\mathbb{R}$ has odd degree. However, odd-degree real polynomials always have a real 
zero, and therefore $m_a(x)$ is irreducible only if its degree is one. But then, $a \in \mathbb{R}$, and 
$K = \mathbb{R}$. Therefore, if K is a nontrivial finite extension of $\mathbb{R}$ of degree $2^m q$, we must have 
m > 0. This shows more generally that there are no odd-degree finite extensions of $\mathbb{R}$. 

Suppose that K is a degree 2 extension of $\mathbb{C}$. Then $K = \mathbb{C}(a)$ with $\deg m_a(x) = 2$, 
where $m_a(x)$ is the minimal polynomial of a over $\mathbb{C}$. But from the quadratic formula, 
complex quadratic polynomials always have zeros in $\mathbb{C}$, a contradiction. Therefore, 
$\mathbb{C}$ has no degree 2 extensions. 

Now, let K be a Galois extension of $\mathbb{C}$. Then K is also Galois over $\mathbb{R}$. Suppose that 
$|K : \mathbb{R}| = 2^m q$, $(2, q) = 1$. From the argument above, we must have m > 0. Consider the Galois 
group $G = \mathrm{Gal}(K/\mathbb{R})$. Then $|G| = 2^m q$, m > 0, $(2, q) = 1$. Thus, G has a 2-Sylow subgroup 
of order $2^m$ and index q (see Theorem 13.3.4). This would correspond to an intermediate 
field E with $|K : E| = 2^m$ and $|E : \mathbb{R}| = q$. However, then E is an odd-degree finite 
extension of $\mathbb{R}$. It follows that q = 1 and $E = \mathbb{R}$. Therefore, $|K : \mathbb{R}| = 2^m$, and $|G| = 2^m$. 

Now, $|K : \mathbb{C}| = 2^{m-1}$, and suppose $G_1 = \mathrm{Gal}(K/\mathbb{C})$. This is a 2-group. If it were not 
trivial, then from Theorem 13.4.1 there would exist a subgroup of order $2^{m-2}$ and index 2. 
This would correspond to an intermediate field E of degree 2 over $\mathbb{C}$. However, from the 
argument above, $\mathbb{C}$ has no degree 2 extensions. It follows then that $G_1$ is trivial; that is, 
$|G_1| = 1$, so $|K : \mathbb{C}| = 1$, and $K = \mathbb{C}$, completing the proof. 


The fact that C is algebraically closed limits the possible algebraic extensions of the 
reals. 


Corollary 17.6.2. Let K be a finite field extension of the real numbers $\mathbb{R}$. Then $K = \mathbb{R}$ or 
$K = \mathbb{C}$. 


Proof: Since $|K : \mathbb{R}| < \infty$, by the primitive element theorem $K = \mathbb{R}(a)$ for some $a \in K$. 
Then the minimal polynomial $m_a(x)$ of a over $\mathbb{R}$ is in $\mathbb{R}[x]$, and hence in $\mathbb{C}[x]$. Therefore, 
from the fundamental theorem of algebra it has a zero in $\mathbb{C}$. Hence, $a \in \mathbb{C}$. If $a \in \mathbb{R}$, then 
$K = \mathbb{R}$; if not, then $K = \mathbb{C}$. 


17.7 Exercises 
1. For $f(x) \in \mathbb{Q}[x]$ with 

$$f(x) = x^6 - 12x^4 + 36x^2 - 50 \qquad (f(x) = 4x^3 - 12x^2 + 20x - 3)$$

determine for each complex zero $\alpha$ of f(x) a finite number of radicals $y_i = \beta_i^{1/n_i}$, 
$i = 1, \ldots, r$, and a presentation of $\alpha$ as a rational function in $y_1, \ldots, y_r$ over $\mathbb{Q}$ such 
that $y_{i+1}$ is irreducible over $\mathbb{Q}(y_1, \ldots, y_i)$, and $\beta_{i+1} \in \mathbb{Q}(y_1, \ldots, y_i)$ for $i = 0, \ldots, r - 1$. 

2. Let K be a field of prime characteristic p. Let $n \in \mathbb{N}$ and $K_n$ be the splitting field of 
$x^n - 1$ over K. Show that $\mathrm{Aut}(K_n|K)$ is cyclic. 

3. Let $f(x) = x^3 - x + 1 \in \mathbb{Z}[x]$. Show the following: 
(i) f has a real zero. 
(ii) f is irreducible over $\mathbb{Q}$. 
(iii) If $u + iv$ ($u, v \in \mathbb{R}$) is a zero of f in $\mathbb{C}$, then $g = x^3 - 4x - 1$ is the minimal polynomial 
of $4u^2$ over $\mathbb{Q}$. 
(iv) The Galois group of f over $\mathbb{Q}$ has an element of order 3. 
(v) No zero $\alpha \in \mathbb{C}$ of f is constructible from the points 0 and 1 with straightedge 
and compass. 

4. Show that each polynomial f(x) over $\mathbb{R}$ decomposes into linear factors and quadratic 
factors: $f(x) = d(x - a_1) \cdots (x - a_k)(x^2 + b_1x + c_1) \cdots (x^2 + b_lx + c_l)$ with $d, a_i, b_j, c_j \in \mathbb{R}$. 

5. Let E be a finite (commutative) field extension of $\mathbb{R}$. Then $E = \mathbb{R}$, or $E = \mathbb{C}$. 

6. (Vieta) Show that $y^3 - py = q$ reduces to the form $4z^3 - 3z = c$ by a suitable substitution 
$y = mz$. 

7. Suppose that $|a + ib| = |c + id|$ and $(a + ib)^3 = c + id$. Show that the relation between 
a and c is $4a^3 - 3a = c$. 

8. Show the identity of Bombelli: 

$$\sqrt[3]{2 + \sqrt{-121}} = 2 + \sqrt{-1},$$

and apply it to the equation $x^3 = 15x + 4$. 

9. Solve the following equations: 
(a) $x^3 - 2x + 3 = 0$. 
(b) $x^4 + 2x^3 + 3x^2 - x - 2 = 0$. 

10. Let $n \ge 1$ be a natural number and x an indeterminate over $\mathbb{C}$. Consider the polynomial 
$x^n - 1 \in \mathbb{Z}[x]$. In $\mathbb{C}[x]$ it decomposes into linear factors: 

$$x^n - 1 = (x - \zeta_1)(x - \zeta_2) \cdots (x - \zeta_n),$$

where the complex numbers 

$$\zeta_\nu = e^{2\pi i\nu/n} = \cos\frac{2\pi\nu}{n} + i \sin\frac{2\pi\nu}{n}, \qquad 1 \le \nu \le n,$$

are all (different) n-th roots of unity, that is, especially $\zeta_n = 1$. These $\zeta_\nu$ form a 
multiplicative cyclic group $G = \{\zeta_1, \zeta_2, \ldots, \zeta_n\}$ generated by $\zeta_1$. It is $\zeta_\nu = \zeta_1^\nu$. 

An n-th root of unity $\zeta_\nu$ is called a primitive n-th root of unity, if $\zeta_\nu$ is not an m-th root 
of unity for any $m < n$. 

Show that the following are equivalent: 
(i) $\zeta_\nu$ is a primitive n-th root of unity. 
(ii) $\zeta_\nu$ is a generating element of G. 
(iii) $\gcd(\nu, n) = 1$. 

11. The polynomial $\Phi_n(x) \in \mathbb{C}[x]$, whose zeros are exactly the primitive n-th roots of 
unity, is called the n-th cyclotomic polynomial. With Exercise 6 it is 

$$\Phi_n(x) = \prod_{\substack{1 \le \nu \le n \\ \gcd(\nu, n) = 1}} (x - \zeta_\nu) = \prod_{\substack{1 \le \nu \le n \\ \gcd(\nu, n) = 1}} \left(x - e^{2\pi i\nu/n}\right).$$

The degree of $\Phi_n(x)$ is the number of the integers in $\{1, \ldots, n\}$ which are coprime to n. 
Show the following: 
(i) $x^n - 1 = \prod_{d \mid n} \Phi_d(x)$. 
(ii) $\Phi_n(x) \in \mathbb{Z}[x]$ for all $n \ge 1$. 
(iii) $\Phi_n(x)$ is irreducible over $\mathbb{Q}$ (and therefore also over $\mathbb{Z}$) for all $n \ge 1$. 

12. Show that the Fermat numbers $F_0, F_1, F_2, F_3, F_4$ are all prime but $F_5$ is composite and 
divisible by 641. 
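For Exercises 10 and 11, an added Python example (mine, not the book's): it computes $\Phi_n(x)$ with integer coefficients from the relation $x^n - 1 = \prod_{d \mid n} \Phi_d(x)$ by exact division in $\mathbb{Z}[x]$ (which is why the coefficients come out integral), checks that $\deg \Phi_n$ equals the number of $\nu$ coprime to n, and confirms numerically that $\Phi_n$ vanishes at $\zeta_\nu = e^{2\pi i\nu/n}$ exactly when $\gcd(\nu, n) = 1$. Polynomials are coefficient lists with the constant term first; the helper names are my own.

```python
from math import gcd
import cmath


def poly_mul(a, b):
    """Product of coefficient lists (constant term first)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out


def poly_exact_div(num, den):
    """Quotient num / den in Z[x] for monic den; raises if the division is not exact."""
    rem = list(num)
    quot = [0] * (len(num) - len(den) + 1)
    for k in range(len(quot) - 1, -1, -1):
        coef = rem[k + len(den) - 1]   # den is monic: this is the next quotient coefficient
        quot[k] = coef
        for j, d in enumerate(den):
            rem[k + j] -= coef * d
    if any(rem):
        raise ArithmeticError("division is not exact in Z[x]")
    return quot


_CYCLOTOMIC = {}


def cyclotomic(n):
    """Phi_n(x) in Z[x], from x^n - 1 = prod_{d | n} Phi_d(x)  (Exercise 11 (i), (ii))."""
    if n not in _CYCLOTOMIC:
        prod = [1]
        for d in range(1, n):
            if n % d == 0:
                prod = poly_mul(prod, cyclotomic(d))
        _CYCLOTOMIC[n] = poly_exact_div([-1] + [0] * (n - 1) + [1], prod)
    return _CYCLOTOMIC[n]


def euler_phi(n):
    """Number of 1 <= nu <= n coprime to n; this is the degree of Phi_n."""
    return sum(1 for v in range(1, n + 1) if gcd(v, n) == 1)


def poly_eval(coeffs, z):
    """Horner evaluation of a coefficient list at z."""
    acc = 0
    for c in reversed(coeffs):
        acc = acc * z + c
    return acc


def primitive_root_indices(n, tol=1e-9):
    """The nu in 1..n with Phi_n(zeta_nu) = 0, zeta_nu = exp(2 pi i nu / n); by Exercise 10
    these are exactly the nu with gcd(nu, n) = 1."""
    phi = cyclotomic(n)
    return [v for v in range(1, n + 1)
            if abs(poly_eval(phi, cmath.exp(2j * cmath.pi * v / n))) < tol]


if __name__ == "__main__":
    for n in (1, 2, 3, 4, 6, 12):
        print(n, cyclotomic(n), euler_phi(n), primitive_root_indices(n))
```

A detail worth noticing: all $\Phi_n$ for $n < 105$ have coefficients in $\{0, \pm 1\}$, but $\Phi_{105}$ has a coefficient $-2$, so the integrality of (ii) should not be confused with the coefficients being bounded by 1.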


18 The Theory of Modules 


18.1 Modules over Rings 


Recall that a vector space V over a field K is an Abelian group V with a scalar multiplication 
$\cdot : K \times V \to V$, satisfying the following: 

(1) $f(v_1 + v_2) = fv_1 + fv_2$ for $f \in K$ and $v_1, v_2 \in V$. 

(2) $(f_1 + f_2)v = f_1v + f_2v$ for $f_1, f_2 \in K$ and $v \in V$. 

(3) $(f_1f_2)v = f_1(f_2v)$ for $f_1, f_2 \in K$ and $v \in V$. 

(4) $1v = v$ for $v \in V$. 


Vector spaces are the fundamental algebraic structures in linear algebra, and the study 
of linear equations. Vector spaces have been crucial in our study of fields and Galois 
theory, since any field extension is a vector space over any subfield. In this context, the 
degree of a field extension is just the dimension of the extension field as a vector space 
over the base field. If we modify the definition of a vector space to allow scalar multipli- 
cation from an arbitrary ring, we obtain a more general structure called a module. We 
will formally define this below. Modules generalize vector spaces, but the fact that the 
scalars do not necessarily have inverses makes the study of modules much more com- 
plicated. Modules will play an important role in both the study of rings and the study 
of Abelian groups. In fact, any Abelian group is a module over the integers Z so that 
modules, besides being generalizations of vector spaces, can also be considered as gen- 
eralizations of Abelian groups. 

In this chapter, we will introduce the theory of modules. In particular, we will ex- 
tend to modules the basic algebraic properties such as the isomorphism theorems, which 
have been introduced earlier in presenting groups, rings, and fields. We restrict our- 
selves to commutative rings, so that throughout R is always a commutative ring. If R has 
an identity 1, then we always consider only the case that 1 # 0. Throughout this chapter, 
we use letters a, b,c,m,... for ideals in R. For principal ideals, we write (a) or aR for 
the ideal generated by a € R. We note, however, that the definition can be extended to 
include modules over noncommutative rings (see Chapter 22). In this case, we would 
speak of left modules and right modules. 


Definition 18.1.1. Let $R = (R, +, \cdot)$ be a commutative ring and $M = (M, +)$ an Abelian group. 
M together with a scalar multiplication $\cdot : R \times M \to M$, $(\alpha, x) \mapsto \alpha x$, is called an R-module 
or module over R if the following axioms hold: 

(M1) $(\alpha + \beta)x = \alpha x + \beta x$, 

(M2) $\alpha(x + y) = \alpha x + \alpha y$, and 

(M3) $(\alpha\beta)x = \alpha(\beta x)$ for all $\alpha, \beta \in R$ and $x, y \in M$. 


If R has an identity 1, then M is called a unitary R-module, if in addition 
(M4) $1 \cdot x = x$ for all $x \in M$ holds. 
In the following, R always is a commutative ring. If R contains an identity 1, then M 
always is a unitary R-module. If R has an identity 1, then we always assume $1 \ne 0$. 
As usual, we have the rules: 

$$0 \cdot x = 0, \qquad \alpha \cdot 0 = 0, \qquad -(\alpha x) = (-\alpha)x = \alpha(-x),$$

for all $\alpha \in R$ and for all $x \in M$. 
We next present a series of examples of modules. 


Example 18.1.2. (1) If $R = K$ is a field, then a K-module is a K-vector space. 
(2) Let $G = (G, +)$ be an Abelian group. If $n \in \mathbb{Z}$ and $x \in G$, then nx is defined as usual: 

$$0 \cdot x = 0, \qquad nx = \underbrace{x + \cdots + x}_{n\text{-times}} \ \text{ if } n > 0, \qquad\text{and}\qquad nx = (-n)(-x) \ \text{ if } n < 0.$$

Then G is a unitary $\mathbb{Z}$-module via the scalar multiplication 

$$\cdot : \mathbb{Z} \times G \to G, \qquad (n, x) \mapsto nx.$$

(3) Let S be a subring of R. Then, via $(s, r) \mapsto sr$, the ring R itself becomes an S-module. 
(4) Let K be a field, V a K-vector space, and $f : V \to V$ a linear map of V. 
Let $p = \sum_i a_i t^i \in K[t]$. Then $p(f) := \sum_i a_i f^i$ defines a linear map of V, and V is a 
unitary K[t]-module via the scalar multiplication 

$$K[t] \times V \to V, \qquad (p, v) \mapsto pv = p(f)(v).$$

(5) If R is a commutative ring and $\mathfrak{a}$ is an ideal in R, then $\mathfrak{a}$ is a module over R. 


Basic to all algebraic theory is the concept of substructures. Next we define submod- 
ules. 


Definition 18.1.3. Let M be an R-module. $\emptyset \ne U \subset M$ is called a submodule of M if 
(UM1) $(U, +) \le (M, +)$ and 
(UM2) $\alpha \in R$, $u \in U \Rightarrow \alpha u \in U$; that is, $RU \subset U$. 


Example 18.1.4. (1) In an Abelian group G, considered as a $\mathbb{Z}$-module, the subgroups 
are precisely the submodules. 

(2) The submodules of R, considered as an R-module, are precisely the ideals. 

(3) $Rx := \{\alpha x : \alpha \in R\}$ is a submodule of M for each $x \in M$. 

(4) Let K be a field, V a K-vector space, and $f : V \to V$ a linear map of V. Let U be a 
submodule of V, considered as a K[t]-module as above. 
Then the following holds: 
(a) $U \le V$. 
(b) $pU = p(f)U \subset U$ for all $p \in K[t]$. In particular $\alpha U \subset U$ for $p = \alpha \in K$ and 
$tU = f(U) \subset U$ for $p = t$; that is, U is an f-invariant subspace. 
Also, on the other hand, $p(f)U \subset U$ for all $p \in K[t]$ if U is an f-invariant subspace. 
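Example 18.1.2(4) and Example 18.1.4(4) in concrete form, as an added Python example (not the book's): a K[t]-module structure on $V = \mathbb{Q}^2$ given by a matrix f, with $p \cdot v := p(f)(v)$ evaluated by Horner's scheme over exact rationals, a check of the axioms (M1) to (M4) on sample inputs, and the test whether a line $Ku$ is an f-invariant subspace, i.e. a K[t]-submodule. The matrix, the vectors and the helper names are my choices.

```python
from fractions import Fraction as Fr


def mat_vec(f, v):
    """f(v) for a square matrix f (list of rows) and a vector v."""
    return [sum(a * x for a, x in zip(row, v)) for row in f]


def vec_add(u, v):
    return [a + b for a, b in zip(u, v)]


def vec_scale(c, v):
    return [c * x for x in v]


def poly_add(p, q):
    n = max(len(p), len(q))
    p, q = p + [0] * (n - len(p)), q + [0] * (n - len(q))
    return [a + b for a, b in zip(p, q)]


def poly_mul(p, q):
    out = [0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return out


def poly_action(p, f, v):
    """The scalar multiplication p . v := p(f)(v) of Example 18.1.2(4), with p = a_0 + a_1 t + ...
    given as [a_0, a_1, ...].  Horner: p(f)v = a_0 v + f(a_1 v + f(a_2 v + ...))."""
    acc = [Fr(0)] * len(v)
    for a in reversed(p):
        acc = vec_add(vec_scale(a, v), mat_vec(f, acc))
    return acc


def module_axioms_hold(f, p, q, v, w):
    """(M1) (p+q)v = pv + qv, (M2) p(v+w) = pv + pw, (M3) (pq)v = p(qv), (M4) 1v = v."""
    m1 = poly_action(poly_add(p, q), f, v) == vec_add(poly_action(p, f, v), poly_action(q, f, v))
    m2 = poly_action(p, f, vec_add(v, w)) == vec_add(poly_action(p, f, v), poly_action(p, f, w))
    m3 = poly_action(poly_mul(p, q), f, v) == poly_action(p, f, poly_action(q, f, v))
    m4 = poly_action([1], f, v) == v
    return m1 and m2 and m3 and m4


def is_invariant_line(f, u):
    """Is K u an f-invariant subspace (Example 18.1.4(4)), i.e. is f(u) a multiple of u?
    f(u) is parallel to u iff every 2x2 minor u_i f(u)_j - u_j f(u)_i vanishes."""
    fu = mat_vec(f, u)
    n = len(u)
    return all(u[i] * fu[j] - u[j] * fu[i] == 0 for i in range(n) for j in range(i + 1, n))


# constructed example: f on Q^2 with eigenvector e1 = (1, 0) for the eigenvalue 2
F = [[Fr(2), Fr(1)], [Fr(0), Fr(3)]]
E1, E2 = [Fr(1), Fr(0)], [Fr(0), Fr(1)]

if __name__ == "__main__":
    print(poly_action([1, 0, 1], F, E1))   # (t^2 + 1) . e1 = (2^2 + 1) e1 = (5, 0)
    print(module_axioms_hold(F, [1, 2], [3, 0, 1], [Fr(1), Fr(2)], [Fr(-1), Fr(3)]))
    print(is_invariant_line(F, E1), is_invariant_line(F, E2))
```

On the eigenline $Ke_1$ the module action reduces to $p \cdot e_1 = p(2)\,e_1$, so $Ke_1$ is a K[t]-submodule, whereas $Ke_2$ is not: $t \cdot e_2 = f(e_2) = (1, 3)$ leaves the line, which is the failure of (UM2) for that subspace.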


We next extend to modules the concept of a generating system. For a single generator, 
as with groups, this is called cyclic. 


Definition 18.1.5. A submodule U of the R-module M is called cyclic if there exists an 
$x \in M$ with $U = Rx$. 


Example 18.1.4.(3) (above) is an example of a cyclic submodule. 
As in vector spaces, groups, and rings, the following constructions are standard, leading 
us to generating systems. 
(1) Let M be an R-module and $\{U_i : i \in I\}$ a family of submodules. Then $\bigcap_{i \in I} U_i$ is a 
submodule of M. 
(2) Let M be an R-module. If $A \subset M$, then we define 

$$\langle A \rangle = \bigcap \{U : U \text{ submodule of } M \text{ with } A \subset U\}.$$

$\langle A \rangle$ is the smallest submodule of M which contains A. If R has an identity 1, then 
$\langle A \rangle$ is the set of all linear combinations $\sum_i \alpha_i a_i$ with all $\alpha_i \in R$, all $a_i \in A$. This holds 
because M is unitary, and $na = n(1 \cdot a) = (n \cdot 1)a$ for $n \in \mathbb{Z}$ and $a \in A$; that is, we may 
consider the pseudoproduct na as a real product in the module. Especially, if R has 
an identity 1, then $aR = \langle \{a\} \rangle =: \langle a \rangle$. 


Definition 18.1.6. Let R have an identity 1. If $M = \langle A \rangle$, then A is called a generating 
system of M. M is called finitely generated if there are $a_1, \ldots, a_n \in M$ with 
$M = \langle \{a_1, \ldots, a_n\} \rangle =: \langle a_1, \ldots, a_n \rangle$. 


The following is clear: 


Lemma 18.1.7. Let $U_i$ be submodules of M, $i \in I$, I an index set. Then 

$$\left\langle \bigcup_{i \in I} U_i \right\rangle = \left\{ \sum_{i \in L} a_i : a_i \in U_i,\ L \subset I \text{ finite} \right\}.$$

We write $\langle \bigcup_{i \in I} U_i \rangle =: \sum_{i \in I} U_i$ and call this submodule the sum of the $U_i$. A sum $\sum_{i \in I} U_i$ 
is called a direct sum if for each representation of 0, as $0 = \sum a_i$, $a_i \in U_i$, it follows that 
all $a_i = 0$. This is equivalent to $U_i \cap \sum_{j \ne i} U_j = 0$ for all $i \in I$. 

Notation: $\bigoplus_{i \in I} U_i$; and if $I = \{1, \ldots, n\}$, then we also write $U_1 \oplus \cdots \oplus U_n$. 

In analogy with our previously defined algebraic structure, we extend to modules 
the concepts of quotient modules and module homomorphisms. 
Definition 18.1.8. Let U be a submodule of the R-module M. Let M/U be the factor 
group. We define a (well defined) scalar multiplication: 

$$R \times M/U \to M/U, \qquad \alpha(x + U) := \alpha x + U.$$

With this M/U is an R-module, the factor module or quotient module of M by U. In M/U, 
we have the operations 

$$(x + U) + (y + U) = (x + y) + U \qquad\text{and}\qquad \alpha(x + U) = \alpha x + U.$$


A module M over a ring R can also be considered as a module over a quotient ring 
of R. The following is straightforward to verify (see exercises): 


Lemma 18.1.9. Let $\mathfrak{a} \subset R$ be an ideal in R and M an R-module. The set of all finite sums of the 
form $\sum a_i x_i$, $a_i \in \mathfrak{a}$, $x_i \in M$, is a submodule of M, which we denote by $\mathfrak{a}M$. The factor group 
$M/\mathfrak{a}M$ becomes an $R/\mathfrak{a}$-module via the well defined scalar multiplication 

$$(\alpha + \mathfrak{a})(m + \mathfrak{a}M) = \alpha m + \mathfrak{a}M.$$

If here R has an identity 1 and $\mathfrak{a}$ is a maximal ideal, then $M/\mathfrak{a}M$ becomes a vector space 
over the field $K = R/\mathfrak{a}$. 


We next define module homomorphisms: 


Definition 18.1.10. Let R be a ring and M, N be R-modules. A map $f : M \to N$ is called an 
R-module homomorphism (or R-linear) if 

$$f(x + y) = f(x) + f(y) \qquad\text{and}\qquad f(\alpha x) = \alpha f(x)$$

for all $\alpha \in R$ and all $x, y \in M$. Endo-, epi-, mono-, iso- and automorphisms are defined 
analogously via the corresponding properties of the maps. If $f : M \to N$ and $g : N \to P$ 
are module homomorphisms, then $g \circ f : M \to P$ is also a module homomorphism. If 
$f : M \to N$ is an isomorphism, then so is $f^{-1} : N \to M$. 


We define kernel and image in the usual way: 

$$\ker(f) := \{x \in M : f(x) = 0\} \qquad\text{and}\qquad \mathrm{im}(f) = f(M) = \{f(x) : x \in M\}.$$


The set ker(f) is a submodule of M, and im(f) is a submodule of N. As usual, f is injective 
if and only if ker(f) = {0}. 
If U is a submodule of M, then the map $x \mapsto x + U$ defines a module epimorphism 
(the canonical epimorphism) from M onto M/U with kernel U. 

There are module isomorphism theorems. The proofs are straightforward extensions 
of the corresponding proofs for groups and rings. 


Theorem 18.1.11 (Module isomorphism theorems). Let M, N be R-modules. 
(1) If $f : M \to N$ is a module homomorphism, then 

$$f(M) \cong M/\ker(f).$$

(2) If U, V are submodules of the R-module M, then 

$$U/(U \cap V) \cong (U + V)/V.$$

(3) If U and V are submodules of the R-module M with $U \subset V \subset M$, then 

$$(M/U)/(V/U) \cong M/V.$$


For the proofs, as for groups, just consider the map $f : U + V \to U/(U \cap V)$, 
$u + v \mapsto u + (U \cap V)$, which is well defined because $U \cap V$ is a submodule of U; then we have 
$\ker(f) = V$. 

Note that $\alpha \mapsto \alpha\rho$, $\rho \in R$ fixed, defines a module homomorphism $R \to R$ if we 
consider R itself as an R-module. 


18.2 Annihilators and Torsion 


In this section, we define torsion for an R-module and a very important subring of R 
called the annihilator. 


Definition 18.2.1. Let M be an R-module. For a fixed $a \in M$, consider the module homomorphism 
$\lambda_a : R \to M$, $\lambda_a(\alpha) := \alpha a$, where we consider R as an R-module. We call $\ker(\lambda_a)$ 
the annihilator of a, denoted by Ann(a); that is, 

$$\mathrm{Ann}(a) = \{\alpha \in R : \alpha a = 0\}.$$


Lemma 18.2.2. The annihilator Ann(a) is a submodule of R, and the module isomorphism 
theorem (1) gives $R/\mathrm{Ann}(a) \cong Ra$. 


We next extend the annihilator to whole submodules of M: 


Definition 18.2.3. Let U be a submodule of the R-module M. The annihilator Ann(U) is 
defined to be 

$$\mathrm{Ann}(U) := \{\alpha \in R : \alpha u = 0 \text{ for all } u \in U\}.$$

As for single elements, since $\mathrm{Ann}(U) = \bigcap_{u \in U} \mathrm{Ann}(u)$, Ann(U) is a submodule 
of R. If $\rho \in R$, $u \in U$, then $\rho u \in U$; that means, if $\alpha \in \mathrm{Ann}(U)$, then also $\rho\alpha \in \mathrm{Ann}(U)$, 
because $(\alpha\rho)u = \alpha(\rho u) = 0$. Hence, Ann(U) is an ideal in R. 

Suppose that G is an Abelian group. Then as aforementioned, G is a $\mathbb{Z}$-module. An 
element $g \in G$ is a torsion element, or has finite order, if $ng = 0$ for some $n \in \mathbb{N}$. The 
set Tor(G) consists of all the torsion elements in G. An Abelian group is torsion-free if 
Tor(G) = {0}. 


Lemma 18.2.4. Let G be an Abelian group. Then Tor(G) is a subgroup of G, and the factor 
group G/ Tor(G) is torsion-free. 


We extend this concept now to general modules: 


Definition 18.2.5. The R-module M is called faithful if Ann(M) = {0}. We call an element 
$a \in M$ a torsion element, or element of finite order, if $\mathrm{Ann}(a) \ne \{0\}$. A module without 
torsion elements $\ne 0$ is called torsion-free. If the R-module M is torsion-free, then R has 
no zero divisors $\ne 0$. 


Theorem 18.2.6. Let R be an integral domain and M an R-module (by our agreement M 
is unitary). Let Tor(M) = T(M) be the set of torsion elements of M. Then Tor(M) is a 
submodule of M, and M/ Tor(M) is torsion-free. 


Proof. If $m \in \mathrm{Tor}(M)$, $\alpha \in \mathrm{Ann}(m)$, $\alpha \ne 0$, and $\beta \in R$, then we get 

$$\alpha(\beta m) = (\alpha\beta)m = (\beta\alpha)m = \beta(\alpha m) = 0;$$

that is, $\beta m \in \mathrm{Tor}(M)$, because $\alpha\beta \ne 0$ if $\beta \ne 0$ (R is an integral domain). Let m' be another 
element of Tor(M) and $0 \ne \alpha' \in \mathrm{Ann}(m')$. Then $\alpha\alpha' \ne 0$, and 

$$\alpha\alpha'(m + m') = \alpha\alpha'm + \alpha\alpha'm' = \alpha'(\alpha m) + \alpha(\alpha'm') = 0;$$

that is, $m + m' \in \mathrm{Tor}(M)$. Therefore, Tor(M) is a submodule. 

Now, let $m + \mathrm{Tor}(M)$ be a torsion element in $M/\mathrm{Tor}(M)$. Let $\alpha \in R$, $\alpha \ne 0$, with 
$\alpha(m + \mathrm{Tor}(M)) = \alpha m + \mathrm{Tor}(M) = \mathrm{Tor}(M)$. Then $\alpha m \in \mathrm{Tor}(M)$. Hence, there exists a $\beta \in R$, 
$\beta \ne 0$, with $0 = \beta(\alpha m) = (\beta\alpha)m$. Since $\beta\alpha \ne 0$, we get that $m \in \mathrm{Tor}(M)$, and the torsion 
element $m + \mathrm{Tor}(M)$ is trivial. 
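The notions of this section on a small $\mathbb{Z}$-module, as an added Python example that is not from the book: $M = \mathbb{Z}/4 \oplus \mathbb{Z}/6 \oplus \mathbb{Z}$ with componentwise operations, the annihilator $\mathrm{Ann}(a) = d\mathbb{Z}$ of an element computed from the orders of its components, the torsion test of Definition 18.2.5, and an exhaustive check that Tor(M) is closed under addition and under $\mathbb{Z}$-multiples, as Theorem 18.2.6 asserts for modules over an integral domain. The class, its method names and the sample module are my own.

```python
from math import gcd
from itertools import product


def lcm(a, b):
    return a * b // gcd(a, b)


class ZModule:
    """Z/n_1 + ... + Z/n_k + Z^r with componentwise operations (a Z-module as in
    Example 18.1.2(2)); the order 0 marks a free Z-component."""

    def __init__(self, finite_orders, free_rank):
        self.orders = list(finite_orders) + [0] * free_rank

    def add(self, a, b):
        return tuple((x + y) % n if n else x + y for x, y, n in zip(a, b, self.orders))

    def scale(self, k, a):
        return tuple((k * x) % n if n else k * x for x, n in zip(a, self.orders))

    def annihilator_generator(self, a):
        """Ann(a) = {k in Z : k a = 0} is an ideal d Z of Z; returns d >= 0 (d = 0 means Ann(a) = {0})."""
        d = 1
        for x, n in zip(a, self.orders):
            if n == 0:
                if x != 0:
                    return 0                     # a nonzero free component is killed by no k != 0
            else:
                d = lcm(d, n // gcd(n, x % n))   # n / gcd(n, x) is the order of x in Z/n
        return d

    def module_annihilator_generator(self):
        """Ann(M), the intersection of all Ann(a); M is faithful (Definition 18.2.5) iff this is 0."""
        if any(n == 0 for n in self.orders):
            return 0
        d = 1
        for n in self.orders:
            d = lcm(d, n)
        return d

    def is_torsion(self, a):
        """Definition 18.2.5: a is a torsion element iff Ann(a) != {0}."""
        return self.annihilator_generator(a) != 0

    def torsion_elements(self):
        """Tor(M): the elements whose free coordinates vanish."""
        ranges = [range(n) if n else range(1) for n in self.orders]
        return [tuple(t) for t in product(*ranges)]

    def torsion_is_submodule(self, scalars=range(-3, 4)):
        """Theorem 18.2.6 over the integral domain Z, checked exhaustively for this M."""
        T = self.torsion_elements()
        return (all(self.is_torsion(a) for a in T)
                and all(self.is_torsion(self.add(a, b)) for a in T for b in T)
                and all(self.is_torsion(self.scale(k, a)) for k in scalars for a in T))


M = ZModule([4, 6], 1)   # constructed example: Z/4 + Z/6 + Z

if __name__ == "__main__":
    print(M.annihilator_generator((2, 3, 0)))   # 2: the element (2, 3, 0) has order 2
    print(M.annihilator_generator((1, 1, 0)))   # 12 = lcm(4, 6)
    print(M.is_torsion((0, 0, 5)), M.module_annihilator_generator())
    print(len(M.torsion_elements()), M.torsion_is_submodule())
```

The factor module $M/\mathrm{Tor}(M)$ of the theorem is here the projection onto the last coordinate, $\mathbb{Z}$, which is torsion-free; and M is faithful precisely because of that free component, while $\mathbb{Z}/4 \oplus \mathbb{Z}/6$ alone has $\mathrm{Ann} = 12\mathbb{Z}$.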


18.3 Direct Products and Direct Sums of Modules 


Let $M_i$, $i \in I \ne \emptyset$, be a family of R-modules. On the direct product 

$$P = \prod_{i \in I} M_i = \left\{ f : I \to \bigcup_{i \in I} M_i \;:\; f(i) \in M_i \text{ for all } i \in I \right\},$$

we define the module operations 

$$+ : P \times P \to P \qquad\text{and}\qquad \cdot : R \times P \to P$$

via 

$$(f + g)(i) := f(i) + g(i) \qquad\text{and}\qquad (\alpha f)(i) := \alpha f(i).$$

Together with these operations, $P = \prod_{i \in I} M_i$ is an R-module, the direct product of 
the $M_i$. If we identify f with the I-tuple of the images $f = (f_i)_{i \in I}$, then the sum and the 
scalar multiplication are componentwise. If $I = \{1, \ldots, n\}$ and $M_i = M$ for all $i \in I$, then 
we write, as usual, $M^n = \prod_{i \in I} M_i$. 

We make the agreement that $\prod_{i \in \emptyset} M_i := \{0\}$. 

$\bigoplus_{i \in I} M_i := \{f \in \prod_{i \in I} M_i : f(i) = 0 \text{ for almost all } i\}$ ("for almost all i" means that 
there are at most finitely many i with $f(i) \ne 0$) is a submodule of the direct product, 
called the direct sum of the $M_i$. If $I = \{1, \ldots, n\}$, then we write $\bigoplus_{i \in I} M_i = M_1 \oplus \cdots \oplus M_n$. 
Here, $\prod_{i=1}^n M_i = \bigoplus_{i=1}^n M_i$ for finite I. 


Theorem 18.3.1. (1) If $\pi \in S_I$ is a permutation of I, then 

$$\prod_{i \in I} M_i \cong \prod_{i \in I} M_{\pi(i)} \qquad\text{and}\qquad \bigoplus_{i \in I} M_i \cong \bigoplus_{i \in I} M_{\pi(i)}.$$

(2) If $I = \bigcup_{j \in J} I_j$ is a disjoint union, then 

$$\prod_{i \in I} M_i \cong \prod_{j \in J} \Bigl( \prod_{i \in I_j} M_i \Bigr) \qquad\text{and}\qquad \bigoplus_{i \in I} M_i \cong \bigoplus_{j \in J} \Bigl( \bigoplus_{i \in I_j} M_i \Bigr).$$

Proof. For (1), consider the map $f \mapsto f \circ \pi$. 
For (2), consider the map $f \mapsto (f_j)_{j \in J}$, where $f_j \in \prod_{i \in I_j} M_i$ is the restriction of f onto 
$I_j$; conversely, $(f_j)_{j \in J}$ determines f on I by $f(k) := f_j(k)$ for $k \in I_j$. 


Let $I \ne \emptyset$. If $M = \prod_{i \in I} M_i$, then we get in a natural manner module homomorphisms 
$\pi_i : M \to M_i$ via $f \mapsto f(i)$; $\pi_i$ is called the projection onto the ith component. In duality, 
we define module homomorphisms $\delta_i : M_i \to \bigoplus_{i \in I} M_i \subset \prod_{i \in I} M_i$ via $\delta_i(m_i) = (n_j)_{j \in I}$, 
where $n_j = 0$ if $i \ne j$ and $n_i = m_i$. $\delta_i$ is called the ith canonical injection. If $I = \{1, \ldots, n\}$, 
then $\pi_i(a_1, \ldots, a_i, \ldots, a_n) = a_i$, and $\delta_i(m_i) = (0, \ldots, 0, m_i, 0, \ldots, 0)$. 

We now consider universal properties. 
Theorem 18.3.2 (Universal properties). Let $A, M_i$, $i \in I \ne \emptyset$, be R-modules. 

(1) If $\phi_i : A \to M_i$, $i \in I$, are module homomorphisms, then there exists exactly one 
module homomorphism $\phi : A \to \prod_{i \in I} M_i$ such that, for each j, the diagram 

$$A \xrightarrow{\ \phi\ } \prod_{i \in I} M_i \xrightarrow{\ \pi_j\ } M_j$$

commutes; that is, $\phi_j = \pi_j \circ \phi$ where $\pi_j$ is the jth projection. 

(2) If $\psi_i : M_i \to A$, $i \in I$, are module homomorphisms, then there exists exactly one 
module homomorphism $\psi : \bigoplus_{i \in I} M_i \to A$ such that for each $j \in I$ the diagram 

$$M_j \xrightarrow{\ \delta_j\ } \bigoplus_{i \in I} M_i \xrightarrow{\ \psi\ } A$$

commutes; that is, $\psi_j = \psi \circ \delta_j$ where $\delta_j$ is the jth canonical injection. 


Proof. We first consider (1). If there is such a $\phi$, then the jth component of $\phi(a)$ is equal to 
$\phi_j(a)$, because $\pi_j \circ \phi = \phi_j$. Hence, define $\phi(a) \in \prod_{i \in I} M_i$ via $\phi(a)(i) := \phi_i(a)$, and $\phi$ is the 
desired map. 

We now prove (2). If there is such a $\psi$ with $\psi \circ \delta_i = \psi_i$, then 

$$\psi(x) = \psi((x_i)) = \psi\Bigl(\sum_{i \in I} \delta_i(x_i)\Bigr) = \sum_{i \in I} \psi \circ \delta_i(x_i) = \sum_{i \in I} \psi_i(x_i).$$

Hence, define $\psi((x_i)) = \sum_{i \in I} \psi_i(x_i)$, and $\psi$ is the desired map (recall that the sum is well 
defined). 


18.4 Free Modules 


If $V$ is a vector space over a field $K$, then $V$ always has a basis over $K$, which may be infinite. Despite the similarity to vector spaces, this is not necessarily true for modules, because the scalars need not have inverses.
We now define a basis for a module. Those modules that actually have a basis are called free modules.

Let $R$ be a ring with identity $1$, $M$ a unitary $R$-module, and $S \subset M$. Each finite sum $\sum a_i s_i$ with $a_i \in R$ and $s_i \in S$ is called a linear combination in $S$. Since $M$ is unitary and $S \neq \emptyset$, $\langle S \rangle$ is exactly the set of all linear combinations in $S$. In the following, we assume that $S \neq \emptyset$; if $S = \emptyset$, then $\langle S \rangle = \langle \emptyset \rangle = \{0\}$, and this case is not interesting. By convention, in a finite sum $\sum a_i m_i$ with all $a_i \in R$ and all $m_i \in M$, we always assume $m_i \neq m_j$ if $i \neq j$.


Definition 18.4.1. A finite set $\{m_1, \dots, m_n\} \subset M$ is called linearly independent or free (over $R$) if a representation $0 = \sum_{i=1}^{n} a_i m_i$ always implies $a_i = 0$ for all $i \in \{1, \dots, n\}$; that is, $0$ can be represented only trivially on $\{m_1, \dots, m_n\}$. A nonempty subset $S \subset M$ is called free (over $R$) if each finite subset of $S$ is free.


Definition 18.4.2. Let $M$ be an $R$-module (as above).

(1) $S \subset M$ is called a basis of $M$ if
(a) $M = \langle S \rangle$, and
(b) $S$ is free (over $R$).

(2) If $M$ has a basis, then $M$ is called a free $R$-module. If $S$ is a basis of $M$, then $M$ is called free on $S$, or free with basis $S$.

In this sense, we can consider $\{0\}$ as a free module with basis $\emptyset$.


Example 18.4.3. 1. $R \times R = R^2$, as an $R$-module, is free with basis $\{(1, 0), (0, 1)\}$.
2. More generally, let $I \neq \emptyset$. Then $\bigoplus_{i \in I} R_i$ with $R_i = R$ for all $i \in I$ is free with basis $\{e_i : I \to R,\ e_i(j) = \delta_{ij},\ i, j \in I\}$, where
$$\delta_{ij} = \begin{cases} 0 & \text{if } i \neq j, \\ 1 & \text{if } i = j. \end{cases}$$
In particular, if $I = \{1, \dots, n\}$, then $R^n = \{(a_1, \dots, a_n) : a_i \in R\}$ is free with basis $\{e_i = (0, \dots, 0, 1, 0, \dots, 0) : 1 \leq i \leq n\}$, where the $1$ is in the $i$th position.
3. Let $G$ be an Abelian group. If $G$, as a $\mathbb{Z}$-module, is free on $S \subset G$, then $G$ is called a free Abelian group with basis $S$. If $|S| = n < \infty$, then $G \cong \mathbb{Z}^n$.


Theorem 18.4.4. The $R$-module $M$ is free on $S$ if and only if each $m \in M$ can be written uniquely in the form $\sum a_i s_i$ with $a_i \in R$, $s_i \in S$. This is exactly the case where $M = \bigoplus_{s \in S} Rs$ is the direct sum of the cyclic submodules $Rs$, and each $Rs$ is module isomorphic to $R$.

Proof. If $S$ is a basis, then each $m \in M$ can be written as $m = \sum a_i s_i$, because $M = \langle S \rangle$. This representation is unique, because if $\sum a_i s_i = \sum b_i s_i$, then $\sum (a_i - b_i) s_i = 0$; that is, $a_i - b_i = 0$ for all $i$. If, on the other side, we assume that the representation is unique, then we get from $\sum a_i s_i = 0 = \sum 0 \cdot s_i$ that all $a_i = 0$, and therefore $M$ is free on $S$.
The rest of the theorem, essentially, is a rewriting of the definition. If each $m \in M$ can be written as $m = \sum a_i s_i$, then $M = \sum_{s \in S} Rs$. If $x \in Rs' \cap \sum_{s \in S,\, s \neq s'} Rs$ with $s' \in S$, then $x = a's' = \sum_{s \in S,\, s \neq s'} a_s s$, and $0 = a's' - \sum_{s \in S,\, s \neq s'} a_s s$; therefore, $a' = 0$ and $a_s = 0$ for all $s$. This gives $M = \bigoplus_{s \in S} Rs$. The cyclic modules $Rs$ are isomorphic to $R/\mathrm{Ann}(s)$, and $\mathrm{Ann}(s) = \{0\}$ in the free modules. On the other side, such modules are free on $S$.


Corollary 18.4.5. (1) $M$ is free on $S$ $\iff$ $M \cong \bigoplus_{s \in S} R_s$, $R_s = R$ for all $s \in S$.
(2) If $M$ is finitely generated and free, then there exists an $n \in \mathbb{N}_0$ such that
$$M \cong R^n = \underbrace{R \oplus \cdots \oplus R}_{n\text{-times}}.$$

Proof. Part (1) is clear. For (2), let $M = \langle x_1, \dots, x_n \rangle$ and $S$ a basis of $M$. Each $x_i$ is uniquely representable on $S$, as $x_i = \sum_{s_j \in S} \alpha_{ij} s_j$. Since the $x_i$ generate $M$, $m = \sum_i \beta_i x_i = \sum_{i,j} \beta_i \alpha_{ij} s_j$ for arbitrary $m \in M$, and we need only finitely many $s_j$ to generate $M$. Hence, $S$ is finite.


Theorem 18.4.6. Let $R$ be a commutative ring with identity $1$, and $M$ a free $R$-module. Then any two bases of $M$ have the same cardinality.

Proof. The ring $R$ contains a maximal ideal $\mathfrak{m}$, and $R/\mathfrak{m}$ is a field (see Theorems 2.3.2 and 2.4.2). Then $M/\mathfrak{m}M$ is a vector space over $R/\mathfrak{m}$. From $M = \bigoplus_{s \in S} Rs$ with basis $S$, we get $\mathfrak{m}M = \bigoplus_{s \in S} \mathfrak{m}s$; hence,
$$M/\mathfrak{m}M = \Bigl(\bigoplus_{s \in S} Rs\Bigr)/\mathfrak{m}M \cong \bigoplus_{s \in S} (Rs/\mathfrak{m}s) \cong \bigoplus_{s \in S} R/\mathfrak{m}.$$
Therefore, the $R/\mathfrak{m}$-vector space $M/\mathfrak{m}M$ has a basis of the cardinality of $S$. This gives the result.


Let $R$ be a commutative ring with identity $1$, and $M$ a free $R$-module. The cardinality of a basis is an invariant of $M$, called the rank of $M$ or dimension of $M$. If $\mathrm{rank}(M) = n < \infty$, then this means $M \cong R^n$.


Theorem 18.4.7. Each $R$-module is a (module-)homomorphic image of a free $R$-module.

Proof. Let $M$ be an $R$-module. We consider $F := \bigoplus_{m \in M} R_m$ with $R_m = R$ for all $m \in M$. $F$ is a free $R$-module. The map $f : F \to M$, $f((a_m)_{m \in M}) = \sum_{m \in M} a_m m$, defines a surjective module homomorphism.


Theorem 18.4.8. Let $F, M$ be $R$-modules, and let $F$ be free. Let $f : M \to F$ be a module epimorphism. Then there exists a module homomorphism $g : F \to M$ with $f \circ g = \mathrm{id}_F$, and we have $M = \ker(f) \oplus g(F)$.

Proof. Let $S$ be a basis of $F$. By the axiom of choice, there exists for each $s \in S$ an element $m_s \in M$ with $f(m_s) = s$ ($f$ is surjective). We define the map $g : F \to M$ via $s \mapsto m_s$ linearly; that is, $g(\sum_{s_i \in S} a_{s_i} s_i) = \sum_{s_i \in S} a_{s_i} m_{s_i}$. Since $F$ is free, the map $g$ is well defined. Obviously, $f \circ g(s) = f(m_s) = s$ for $s \in S$; that means $f \circ g = \mathrm{id}_F$, because $F$ is free on $S$. For each $m \in M$, we have also $m = g \circ f(m) + (m - g \circ f(m))$, where $g \circ f(m) = g(f(m)) \in g(F)$. Since $f \circ g = \mathrm{id}_F$, the elements of the form $m - g \circ f(m)$ are in the kernel of $f$. Therefore, $M = g(F) + \ker(f)$. Now let $x \in g(F) \cap \ker(f)$. Then $x = g(y)$ for some $y \in F$, and $0 = f(x) = f \circ g(y) = y$, and hence $x = 0$. Therefore, the sum is direct: $M = g(F) \oplus \ker(f)$.


Corollary 18.4.9. Let $M$ be an $R$-module and $N$ a submodule such that $M/N$ is free. Then there is a submodule $N'$ of $M$ with $M = N \oplus N'$.

Proof. Apply the above theorem to the canonical map $\pi : M \to M/N$ with $\ker(\pi) = N$.


18.5 Modules over Principal Ideal Domains 


We now specialize to the case of modules over principal ideal domains. For the remainder of this section, $R$ is always a principal ideal domain $\neq \{0\}$. We now use the notation $(a) := aR$, $a \in R$, for the principal ideal $aR$.


Theorem 18.5.1. Let $M$ be a free $R$-module of finite rank over the principal ideal domain $R$. Then each submodule $U$ is free of finite rank, and $\mathrm{rank}(U) \leq \mathrm{rank}(M)$.

Proof. We prove the theorem by induction on $n = \mathrm{rank}(M)$. The theorem certainly holds if $n = 0$. Now let $n \geq 1$, and assume that the theorem holds for all free $R$-modules of rank $< n$. Let $M$ be a free $R$-module of rank $n$ with basis $\{x_1, \dots, x_n\}$. Let $U$ be a submodule of $M$. We represent the elements of $U$ as linear combinations of the basis elements $x_1, \dots, x_n$, and we consider the set of coefficients of $x_1$ for the elements of $U$:
$$\mathfrak{a} = \Bigl\{ \rho \in R : \rho x_1 + \sum_{i=2}^{n} \rho_i x_i \in U \Bigr\}.$$
Certainly $\mathfrak{a}$ is an ideal in $R$. Since $R$ is a principal ideal domain, we have $\mathfrak{a} = (a_1)$ for some $a_1 \in R$. Let $u \in U$ be an element in $U$ which has $a_1$ as its first coefficient; that is,
$$u = a_1 x_1 + \sum_{i=2}^{n} a_i x_i \in U.$$
Let $v \in U$ be arbitrary. Then
$$v = \rho a_1 x_1 + \sum_{i=2}^{n} \rho_i x_i.$$
Hence, $v - \rho u \in U' := U \cap M'$, where $M'$ is the free $R$-module with basis $\{x_2, \dots, x_n\}$. By induction, $U'$ is a free submodule of $M'$ with a basis $\{y_1, \dots, y_t\}$, $t \leq n - 1$. If $a_1 = 0$, then $\mathfrak{a} = (0)$, and $U = U'$, and there is nothing to prove. Now let $a_1 \neq 0$. We show that $\{u, y_1, \dots, y_t\}$ is a basis of $U$. $v - \rho u$ is a linear combination of the basis elements of $U'$; that is, $v - \rho u = \sum_{i=1}^{t} \eta_i y_i$ uniquely. Hence, $v = \rho u + \sum_{i=1}^{t} \eta_i y_i$, and $U = \langle u, y_1, \dots, y_t \rangle$.
Now let $0 = \gamma u + \sum_{i=1}^{t} \mu_i y_i$. We write $u$ and the $y_i$ as linear combinations in the basis elements $x_1, \dots, x_n$ of $M$. There is only an $x_1$-portion in $\gamma u$. Hence,
$$0 = \gamma a_1 x_1 + \sum_{i=2}^{n} \mu_i' x_i.$$
Therefore, first $\gamma a_1 x_1 = 0$; that is, $\gamma = 0$, because $R$ has no zero divisor $\neq 0$, and furthermore $\mu_2' = \cdots = \mu_n' = 0$. That means $\sum_{i=1}^{t} \mu_i y_i = 0$, and hence $\mu_1 = \cdots = \mu_t = 0$, because $\{y_1, \dots, y_t\}$ is free.


Let $R$ be a principal ideal domain. Then the annihilator $\mathrm{Ann}(x)$ in $R$-modules $M$ has certain further properties. Let $x \in M$. By definition
$$\mathrm{Ann}(x) = \{a \in R : ax = 0\} \subset R, \quad \text{an ideal in } R,$$
hence $\mathrm{Ann}(x) = (\delta_x)$. If $x = 0$, then $(\delta_x) = R$. $\delta_x$ is called the order of $x$ and $(\delta_x)$ the order ideal of $x$. $\delta_x$ is uniquely determined up to units in $R$ (that is, up to elements $\eta$ with $\eta \eta' = 1$ for some $\eta' \in R$). For a submodule $U$ of $M$, we call $\mathrm{Ann}(U) = \bigcap_{u \in U} (\delta_u) = (\mu_U)$ the order ideal of $U$.

In an Abelian group $G$, considered as a $\mathbb{Z}$-module, this order for elements corresponds exactly to the order as group elements if we choose $\delta_x > 0$ for $x \in G$.


Theorem 18.5.2. Let $R$ be a principal ideal domain and $M$ be a finitely generated torsion-free $R$-module. Then $M$ is free.

Proof. Let $M = \langle x_1, \dots, x_n \rangle$ be torsion-free and $R$ a principal ideal domain. Each submodule $\langle x_i \rangle = Rx_i$ is free, because $M$ is torsion-free. We call a subset $S \subset \{x_1, \dots, x_n\}$ free if the submodule $\langle S \rangle$ is free. Since $\langle x_i \rangle$ is free, there exist such nonempty subsets. Among all free subsets $S \subset \{x_1, \dots, x_n\}$, we choose one with a maximal number of elements. We may assume that $\{x_1, \dots, x_s\}$, $1 \leq s \leq n$, is such a maximal set, after possible renaming. If $s = n$, then the theorem holds. Now, let $s < n$. By the choice of $s$, the sets $\{x_1, \dots, x_s, x_j\}$ with $s < j \leq n$ are not free. Hence, there are $a_{ij} \in R$ and $a_j \in R$, not all $0$, with
$$a_j x_j = \sum_{i=1}^{s} a_{ij} x_i, \quad a_j \neq 0, \quad s < j \leq n.$$
For the product $a := a_{s+1} \cdots a_n \neq 0$, we get $a x_j \in Rx_1 \oplus \cdots \oplus Rx_s =: F$ for $s < j \leq n$, and also $a x_i \in F$ for $1 \leq i \leq s$. Altogether, we get $aM \subset F$. $aM$ is a submodule of the free $R$-module $F$ of rank $s$. By Theorem 18.5.1, we have that $aM$ is free. Since $a \neq 0$ and $M$ is torsion-free, the map $M \to aM$, $x \mapsto ax$, defines a (module) isomorphism; that is, $M \cong aM$. Therefore, also $M$ is free.


We remind that for an integral domain $R$, the set
$$\mathrm{Tor}(M) = T(M) = \{x \in M : \exists a \in R,\ a \neq 0, \text{ with } ax = 0\}$$
of the torsion elements of an $R$-module $M$ is a submodule with torsion-free factor module $M/T(M)$.


Corollary 18.5.3. Let $R$ be a principal ideal domain and $M$ be a finitely generated $R$-module. Then $M = T(M) \oplus F$ with a free submodule $F \cong M/T(M)$.

Proof. $M/T(M)$ is a finitely generated, torsion-free $R$-module, and hence free. By Corollary 18.4.9, we have $M = T(M) \oplus F$, $F \cong M/T(M)$.


From now on, we are interested in the case where $M \neq \{0\}$ is a torsion $R$-module; that is, $M = T(M)$. Let $R$ be a principal ideal domain and $M = T(M)$ an $R$-module. Let $M \neq \{0\}$ and finitely generated. As above, let $\delta_x$ be the order of $x \in M$, unique up to units in $R$, and let $(\delta_x) = \{a \in R : ax = 0\}$ be the order ideal of $x$.

Let $(\mu) = \bigcap_{x \in M} (\delta_x)$ be the order ideal of $M$. Since $(\mu) \subset (\delta_x)$, we have $\delta_x \mid \mu$ for all $x \in M$. Since principal ideal domains are unique factorization domains, if $\mu \neq 0$, then there can be only finitely many essentially different orders (that means, different up to units). Since $M \neq \{0\}$ and finitely generated, we have in any case $\mu \neq 0$, because if $M = \langle x_1, \dots, x_n \rangle$ and $a_i x_i = 0$ with $a_i \neq 0$, then $aM = \{0\}$ for $a := a_1 \cdots a_n \neq 0$.


Lemma 18.5.4. Let $R$ be a principal ideal domain and $M \neq \{0\}$ be an $R$-module with $M = T(M)$.

(1) If the orders $\delta_x$ and $\delta_y$ of $x, y \in M$ are relatively prime, that is, $\gcd(\delta_x, \delta_y) = 1$, then $(\delta_{x+y}) = (\delta_x \delta_y)$.

(2) Let $\delta_z$ be the order of $z \in M$, $z \neq 0$. If $\delta_z = \alpha\beta$ with $\gcd(\alpha, \beta) = 1$, then there exist $x, y \in M$ with $z = x + y$ and $(\delta_x) = (\alpha)$, $(\delta_y) = (\beta)$.

Proof. (1) Since $\delta_x \delta_y (x + y) = \delta_y \delta_x x + \delta_x \delta_y y = 0$, we get $(\delta_x \delta_y) \subset (\delta_{x+y})$. On the other hand, from $\delta_x x = 0$ and $\delta_{x+y}(x + y) = 0$, we get $0 = \delta_x \delta_{x+y}(x + y) = \delta_x \delta_{x+y} y$; that means, $\delta_x \delta_{x+y} \in (\delta_y)$, and hence $\delta_y \mid \delta_x \delta_{x+y}$. Since $\gcd(\delta_x, \delta_y) = 1$, we have $\delta_y \mid \delta_{x+y}$. Analogously $\delta_x \mid \delta_{x+y}$. Hence, $\delta_x \delta_y \mid \delta_{x+y}$, and $(\delta_{x+y}) \subset (\delta_x \delta_y)$.

(2) Let $\delta_z = \alpha\beta$ with $\gcd(\alpha, \beta) = 1$. Then there are $\rho, \sigma \in R$ with $1 = \rho\alpha + \sigma\beta$. Therefore, we get
$$z = 1 \cdot z = \underbrace{\rho\alpha z}_{=: y} + \underbrace{\sigma\beta z}_{=: x} = y + x = x + y.$$
Since $\alpha x = \alpha\sigma\beta z = \sigma \delta_z z = 0$, we get $\alpha \in (\delta_x)$; that means, $\delta_x \mid \alpha$. On the other hand, from $0 = \delta_x x = \sigma\beta\delta_x z$, we get $\delta_z \mid \sigma\beta\delta_x$, and hence $\alpha\beta \mid \sigma\beta\delta_x$, because $\delta_z = \alpha\beta$. Therefore, $\alpha \mid \sigma\delta_x$. From $\gcd(\alpha, \sigma) = 1$, we get $\alpha \mid \delta_x$. Therefore, $\alpha$ is associated to $\delta_x$; that is, $\alpha = \delta_x \varepsilon$ with $\varepsilon$ a unit in $R$, and furthermore, $(\alpha) = (\delta_x)$. Analogously, $(\beta) = (\delta_y)$.

In Lemma 18.5.4, we do not need $M = T(M)$. We only need $x, y, z \in M$ with $\delta_x \neq 0$, $\delta_y \neq 0$ and $\delta_z \neq 0$, respectively.
Corollary 18.5.5. Let $R$ be a principal ideal domain and $M \neq \{0\}$ be an $R$-module with $M = T(M)$.

1. Let $x_1, \dots, x_n \in M$ be pairwise different with pairwise relatively prime orders $\delta_{x_i} = \alpha_i$. Then $y = x_1 + \cdots + x_n$ has order $\alpha := \alpha_1 \cdots \alpha_n$.

2. Let $0 \neq x \in M$ and $\delta_x = \varepsilon \pi_1^{k_1} \cdots \pi_n^{k_n}$ be a prime decomposition of the order $\delta_x$ of $x$ ($\varepsilon$ a unit in $R$ and the $\pi_i$ pairwise nonassociate prime elements in $R$), where $n \geq 0$, $k_i > 0$. Then there exist $x_i$, $i = 1, \dots, n$, with $\delta_{x_i}$ associated with $\pi_i^{k_i}$ and $x = x_1 + \cdots + x_n$.

This is exercise 7.
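The splitting in Lemma 18.5.4 (2) and Corollary 18.5.5 (2) is constructive: it only needs the Bézout coefficients $\rho, \sigma$ with $1 = \rho\alpha + \sigma\beta$, after which $\sigma\beta z$ has order $\alpha$ and $\rho\alpha z$ has order $\beta$. The following Python code is an added example, not taken from the book, that carries this out in the $\mathbb{Z}$-module $\mathbb{Z}/n\mathbb{Z}$, where the order of $x$ is $n/\gcd(x, n)$; the function names and the sample values ($n = 60$, $x = 1$ and $n = 12$, $x = 7$) are constructed for the illustration.

```python
from math import gcd

# Added example (not from the book).  In the Z-module Z/nZ the order of x is
# n / gcd(x, n).  If that order factors as alpha * beta with gcd(alpha, beta) = 1,
# Lemma 18.5.4 (2) splits x as x = (rho*alpha*x) + (sigma*beta*x), where
# 1 = rho*alpha + sigma*beta; the summand sigma*beta*x has order alpha.
# Corollary 18.5.5 (2) applies this to every prime-power factor of the order.


def ext_gcd(a, b):
    """Return (g, u, v) with u*a + v*b == g == gcd(a, b) (extended Euclid)."""
    if b == 0:
        return (a, 1, 0)
    g, u, v = ext_gcd(b, a % b)
    return (g, v, u - (a // b) * v)


def order_in_zn(x, n):
    """Order of the residue x in Z/nZ."""
    return n // gcd(x % n, n)


def prime_power_factors(n):
    """Prime-power factorization of n as a list of (p, p**k), by trial division."""
    out, p = [], 2
    while p * p <= n:
        if n % p == 0:
            q = 1
            while n % p == 0:
                n //= p
                q *= p
            out.append((p, q))
        p += 1
    if n > 1:
        out.append((n, n))
    return out


def split_element(x, n):
    """Return {p**k: component}: the components sum to x mod n and the
    component listed under p**k has order exactly p**k (Corollary 18.5.5 (2))."""
    x %= n
    delta = order_in_zn(x, n)              # delta_x, the order of x
    comps = {}
    for _, q in prime_power_factors(delta):
        alpha, beta = q, delta // q        # delta_x = alpha * beta, coprime
        _, rho, sigma = ext_gcd(alpha, beta)   # 1 = rho*alpha + sigma*beta
        comp = (sigma * beta * x) % n      # x' := sigma*beta*x has order alpha
        assert order_in_zn(comp, n) == alpha
        comps[q] = comp
    return comps
```

For $n = 60$ and $x = 1$ (order $60 = 2^2 \cdot 3 \cdot 5$) the function returns residues of orders $4$, $3$ and $5$ whose sum is $1$ modulo $60$; for $x = 0$ the order is $1$ and the result is empty.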


18.6 The Fundamental Theorem for Finitely Generated Modules 


In Section 10.4, we described the following result, called the basis theorem for finite Abelian groups. In the following, we give a complete proof in detail; an elementary proof is given in Chapter 19:

Theorem 18.6.1 (Theorem 10.4.1, basis theorem for finite Abelian groups). Let $G$ be a finite Abelian group. Then $G$ is a direct product of cyclic groups of prime power order.

This allowed us, for a given finite order $n$, to present a complete classification of Abelian groups of order $n$. In this section, we extend this result to general modules over principal ideal domains. As a consequence, we obtain the fundamental decomposition theorem for finitely generated (not necessarily finite) Abelian groups, which finally proves Theorem 10.4.1. In the next chapter, we present a separate proof of this in a slightly different format.


Definition 18.6.2. Let $R$ be a principal ideal domain and $M$ be an $R$-module. Let $\pi \in R$ be a prime element. $M_\pi := \{x \in M : \exists k \geq 0 \text{ with } \pi^k x = 0\}$ is called the $\pi$-primary component of $M$. If $M = M_\pi$ for some prime element $\pi \in R$, then $M$ is called $\pi$-primary.

We have the following:
1. $M_\pi$ is a submodule of $M$.
2. The primary components correspond to the $p$-subgroups in Abelian groups.


Theorem 18.6.3. Let $R$ be a principal ideal domain and $M \neq \{0\}$ be an $R$-module with $M = T(M)$. Then $M$ is the direct sum of its $\pi$-primary components.

Proof. $x \in M$ has finite order $\delta_x$. Let $\delta_x = \varepsilon \pi_1^{k_1} \cdots \pi_n^{k_n}$ be a prime decomposition of $\delta_x$. By Corollary 18.5.5, we have that $x = \sum x_i$ with $x_i \in M_{\pi_i}$. That means, $M = \sum_{\pi \in P} M_\pi$, where $P$ is the set of the prime elements of $R$. Let $y \in M_\pi \cap \sum_{\sigma \in P,\, \sigma \neq \pi} M_\sigma$; that is, $\delta_y = \pi^k$ for some $k \geq 0$ and $y = \sum x_i$ with $x_i \in M_{\sigma_i}$, $\sigma_i \neq \pi$. That means, $\delta_{x_i} = \sigma_i^{l_i}$ for some $l_i \geq 0$. By Corollary 18.5.5, we get that $y$ has the order $\prod_i \sigma_i^{l_i}$; that means, $\pi^k$ is associated to $\prod_i \sigma_i^{l_i}$. Therefore, $k = l_i = 0$ for all $i$, and the sum is direct.

If $R$ is a principal ideal domain and $\{0\} \neq M = T(M)$ a finitely generated torsion $R$-module, then there are only finitely many nontrivial $\pi$-primary components, namely those for the prime elements $\pi$ with $\pi \mid \mu$, where $(\mu)$ is the order ideal of $M$.


Corollary 18.6.4. Let $R$ be a principal ideal domain and $\{0\} \neq M$ be a finitely generated torsion $R$-module. Then $M$ has only finitely many nontrivial primary components $M_{\pi_1}, \dots, M_{\pi_n}$, and we have
$$M = \bigoplus_{i=1}^{n} M_{\pi_i}.$$

Hence, we have a reduction of the decomposition problem to the primary components.


Theorem 18.6.5. Let $R$ be a principal ideal domain, $\pi \in R$ a prime element, and $M \neq \{0\}$ an $R$-module with $\pi^k M = \{0\}$; furthermore, let $m \in M$ with $(\delta_m) = (\pi^k)$. Then there exists a submodule $N \subset M$ with $M = Rm \oplus N$.

Proof. By Zorn's lemma, the set $\{U : U \text{ a submodule of } M \text{ and } U \cap Rm = \{0\}\}$ has a maximal element $N$. This set is nonempty, because it contains $\{0\}$. We consider $M' := N \oplus Rm \subset M$, and have to show that $M' = M$. Assume that $M' \neq M$. Then there exists an $x \in M$ with $x \notin M'$, in particular $x \notin N$. Then $N$ is properly contained in the submodule $Rx + N = \langle x, N \rangle$. By our choice of $N$, we get $A := (Rx + N) \cap Rm \neq \{0\}$. If $z \in A$, $z \neq 0$, then $z = \rho m = \alpha x + n$ with $\rho, \alpha \in R$ and $n \in N$. Since $z \neq 0$, we have $\rho m \neq 0$; also $\alpha \neq 0$, because otherwise $z \in Rm \cap N = \{0\}$; and $\alpha$ is not a unit in $R$, because otherwise $x = \alpha^{-1}(\rho m - n) \in M'$. Hence we have: if $x \in M$, $x \notin M'$, then there exist $\alpha \in R$, $\alpha \neq 0$, $\alpha$ not a unit in $R$, $\rho \in R$ with $\rho m \neq 0$, and $n \in N$ such that
$$\alpha x = \rho m + n. \qquad (*)$$
In particular, $\alpha x \in M'$.

Now let $\alpha = \varepsilon \pi_1 \cdots \pi_p$ be a prime decomposition. We consider one after the other the elements $x, \pi_p x, \pi_{p-1}\pi_p x, \dots, \varepsilon \pi_1 \cdots \pi_p x = \alpha x$. We have $x \notin M'$, but $\alpha x \in M'$; hence, there exist an index $i$ and a $y \notin M'$ with $\pi_i y \in N + Rm$.

1. $\pi_i \neq \pi$, $\pi$ the prime element in the statement of the theorem. Then we have $\gcd(\pi_i, \pi^k) = 1$; hence, there are $\sigma, \sigma' \in R$ with $\sigma \pi_i + \sigma' \pi^k = 1$, and we get
$$Rm = (R\pi_i + R\pi^k)m = \pi_i Rm,$$
because $\pi^k m = 0$. Therefore, $\pi_i y \in M' = N \oplus Rm = N + \pi_i Rm$.

2. $\pi_i = \pi$. Then we write $\pi y$ as $\pi y = n + \lambda m$ with $n \in N$ and $\lambda \in R$. This is possible, because $\pi y \in M'$. Since $\pi^k M = \{0\}$, we get $0 = \pi^{k-1}\pi y = \pi^{k-1} n + \pi^{k-1}\lambda m$. Therefore, $\pi^{k-1} n = \pi^{k-1}\lambda m = 0$, because $N \cap Rm = \{0\}$. In particular, we get $\pi^{k-1}\lambda \in (\delta_m)$; that is, $\pi^k \mid \pi^{k-1}\lambda$, and hence $\pi \mid \lambda$. Therefore, $\pi y = n + \lambda m = n + \pi \lambda' m \in N + \pi Rm$, $\lambda' \in R$.

Hence, in any case, we have $\pi_i y \in N + \pi_i Rm$; that is, $\pi_i y = n + \pi_i z$ with $n \in N$ and $z \in Rm$. It follows that $\pi_i(y - z) = n \in N$.

$y - z$ is not an element of $M'$, because $y \notin M'$. By $(*)$, there are, therefore, $\alpha, \beta \in R$, $\beta \neq 0$ not a unit in $R$, with $\beta(y - z) = n' + \alpha m$, $\alpha m \neq 0$, $n' \in N$. We write $z' = \alpha m$; then $z' \in Rm$, $z' \neq 0$, and $\beta(y - z) = n' + z'$. So, we have the equations
$$\beta(y - z) = n' + z', \quad z' \neq 0, \qquad \text{and} \qquad \pi_i(y - z) = n. \qquad (**)$$
We have $\gcd(\beta, \pi_i) = 1$, because otherwise $\pi_i \mid \beta$ and, hence, $\beta(y - z) \in N$ and $z' = 0$, because $N \cap Rm = \{0\}$. Then there exist $\gamma, \gamma'$ with $\gamma \pi_i + \gamma' \beta = 1$. In $(**)$, we multiply the first equation by $\gamma'$ and the second by $\gamma$. Addition gives $y - z \in N \oplus Rm = M'$, and hence $y \in M'$, which contradicts $y \notin M'$. Therefore, $M = M'$.


Theorem 18.6.6. Let $R$ be a principal ideal domain, $\pi \in R$ a prime element, and $M \neq \{0\}$ a finitely generated $\pi$-primary $R$-module. Then there exist finitely many $m_1, \dots, m_s \in M$ with $M = \bigoplus_{i=1}^{s} Rm_i$.

Proof. Let $M = \langle x_1, \dots, x_n \rangle$. Each $x_i$ has an order $\pi^{k_i}$. We may assume that $k_1 = \max\{k_1, k_2, \dots, k_n\}$, possibly after renaming. We have $\pi^{k_1} x_i = 0$ for all $i$. Since $M = \sum_{i=1}^{n} Rx_i$, we have also $\pi^{k_1} M = \{0\}$, and $(\delta_{x_1}) = (\pi^{k_1})$. Then $M = Rx_1 \oplus N$ for some submodule $N \subset M$ by Theorem 18.6.5. Now $N \cong M/Rx_1$, and $M/Rx_1$ is generated by the elements $x_2 + Rx_1, \dots, x_n + Rx_1$. Hence, $N$ is finitely generated by $n - 1$ elements, and certainly $N$ is $\pi$-primary. This proves the result by induction.


Since $Rm_i \cong R/\mathrm{Ann}(m_i)$, and $\mathrm{Ann}(m_i) = (\delta_{m_i}) = (\pi^{k_i})$, we get the following extension of Theorem 18.6.6:

Theorem 18.6.7. Let $R$ be a principal ideal domain, $\pi \in R$ a prime element, and $M \neq \{0\}$ a finitely generated $\pi$-primary $R$-module. Then there exist finitely many $k_1, \dots, k_s \in \mathbb{N}$ with
$$M \cong \bigoplus_{i=1}^{s} R/(\pi^{k_i}),$$
and $M$ is, up to isomorphism, uniquely determined by $(k_1, \dots, k_s)$.

Proof. The first part, that is, a description as $M \cong \bigoplus_{i=1}^{s} R/(\pi^{k_i})$, follows directly from Theorem 18.6.6. Now, let
$$M \cong \bigoplus_{i=1}^{n} R/(\pi^{k_i}) \cong \bigoplus_{i=1}^{m} R/(\pi^{l_i}).$$
We may assume that $k_1 \geq k_2 \geq \cdots \geq k_n > 0$, and $l_1 \geq l_2 \geq \cdots \geq l_m > 0$. We consider first the submodule $N := \{x \in M : \pi x = 0\}$. Let $M = \bigoplus_{i=1}^{n} R/(\pi^{k_i})$.

If we then write $x = \sum_i (r_i + (\pi^{k_i}))$, we have $\pi x = 0$ if and only if $\pi r_i \in (\pi^{k_i})$ for all $i$; that is,
$$N = \bigoplus_{i=1}^{n} \pi^{k_i - 1}R/\pi^{k_i}R \cong \bigoplus_{i=1}^{n} R/(\pi),$$
because $\pi^{k-1}R/\pi^{k}R \cong R/\pi R$.

Since $(a + (\pi))x = ax$ if $\pi x = 0$, we get that $N$ is an $R/(\pi)$-module, and hence a vector space over the field $R/(\pi)$. From the decompositions
$$N \cong \bigoplus_{i=1}^{n} R/(\pi) \quad \text{and, analogously,} \quad N \cong \bigoplus_{i=1}^{m} R/(\pi)$$
we get
$$n = \dim_{R/(\pi)} N = m. \qquad (***)$$

Assume that there is an $i$ with $k_i < l_i$ or $l_i < k_i$. Without loss of generality, assume that there is an $i$ with $k_i < l_i$.
Let $j$ be the smallest index for which $k_j < l_j$. Then (because of the ordering of the $k_i$)
$$M' := \pi^{k_j} M = \bigoplus_{i=1}^{n} \pi^{k_j}R/\pi^{k_i}R = \bigoplus_{i=1}^{j-1} \pi^{k_j}R/\pi^{k_i}R,$$
because if $i \geq j$, then $\pi^{k_j}R/\pi^{k_i}R = \{0\}$.

We now consider $M' = \pi^{k_j} M$ with respect to the second decomposition; that is, $M' = \bigoplus_{i=1}^{m} \pi^{k_j}R/\pi^{l_i}R$. By our choice of $j$, we have $k_j \leq l_i$ for $1 \leq i < j$ and $k_j < l_j$.

Therefore, in this second decomposition, the first $j$ summands $\pi^{k_j}R/\pi^{l_i}R$ are unequal $\{0\}$; that is, $\pi^{k_j}R/\pi^{l_i}R \neq \{0\}$ if $1 \leq i \leq j$. The remaining summands are $\{0\}$, or nontrivial cyclic modules of the form $\pi^{k_j}R/\pi^{l_i}R \cong R/\pi^{l_i - k_j}R$. Hence, altogether, on the one hand, $M'$ is a direct sum of $j - 1$ cyclic submodules, and, on the other hand, a direct sum of $t \geq j$ nontrivial submodules. But this contradicts the above result $(***)$ about the number of direct summands for finitely generated $\pi$-primary modules, because, certainly, $M'$ is also finitely generated and $\pi$-primary. Therefore, $k_i = l_i$ for $i = 1, \dots, n$. This proves the theorem.
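The uniqueness proof of Theorem 18.6.7 extracts the tuple $(k_1, \dots, k_s)$ from the module itself by counting: $N = \{x : \pi x = 0\}$ is an $R/(\pi)$-vector space whose dimension is the number of summands, and $\pi^{k_j}M$ repeats the count on a smaller module. The following Python code is an added example, not from the book, that applies the same counting to $M[p^j] := \{x \in M : p^j x = 0\}$ for $R = \mathbb{Z}$ and $\pi = p$: since $|M[p^j]| = \prod_i p^{\min(j, k_i)}$, the difference $\log_p |M[p^j]| - \log_p |M[p^{j-1}]|$ equals the number of $i$ with $k_i \geq j$, which determines the whole tuple. The group $\mathbb{Z}/p^{k_1} \times \cdots \times \mathbb{Z}/p^{k_s}$ is constructed as residue tuples and the sizes are found by brute force; all function names are the example's own.

```python
from itertools import product

# Added example (not from the book).  R = Z, pi = p.  M = Z/p^{k_1} x ... x Z/p^{k_s}
# is built as tuples of residues; |M[p^j]| with M[p^j] = {x : p^j x = 0} is counted
# directly, and the exponents k_i are recovered from these sizes alone, which is
# the counting argument of the uniqueness proof of Theorem 18.6.7.


def elements(p, ks):
    """All elements of Z/p^{k_1} x ... x Z/p^{k_s} as residue tuples (constructed group)."""
    return list(product(*[range(p ** k) for k in ks]))


def killed_by(p, ks, j):
    """|M[p^j]|: the number of x in M with p^j x = 0, counted by brute force."""
    moduli = [p ** k for k in ks]
    return sum(1 for x in elements(p, ks)
               if all((p ** j * xi) % m == 0 for xi, m in zip(x, moduli)))


def log_p(n, p):
    """Exponent e with n = p^e; every size used here is a power of p."""
    e = 0
    while n > 1:
        assert n % p == 0, "size must be a power of p"
        n //= p
        e += 1
    return e


def invariants(p, ks):
    """Recover the tuple (k_1 >= k_2 >= ... >= k_s) from the sizes |M[p^j]| alone."""
    sizes = [1]                         # |M[p^0]| = |{0}| = 1
    j = 0
    while True:
        j += 1
        sizes.append(killed_by(p, ks, j))
        if sizes[-1] == sizes[-2]:      # M[p^j] = M[p^{j-1}]: all of M is reached
            break
    # counts[j-1] = #{i : k_i >= j}; the last entry is 0 by the stopping rule
    counts = [log_p(sizes[j], p) - log_p(sizes[j - 1], p) for j in range(1, len(sizes))]
    recovered = []
    for j in range(1, len(counts)):
        recovered += [j] * (counts[j - 1] - counts[j])   # #{i : k_i = j}
    return tuple(sorted(recovered, reverse=True))
```

The input `ks` is used only to construct the group; `invariants` never reads it directly, so `invariants(2, (1, 3, 1))` returns `(3, 1, 1)`, and the two non-isomorphic groups $\mathbb{Z}/4 \times \mathbb{Z}/2$ and $\mathbb{Z}/2 \times \mathbb{Z}/2 \times \mathbb{Z}/2$ of order $8$ are told apart by their tuples $(2, 1)$ and $(1, 1, 1)$.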


Theorem 18.6.8 (Fundamental theorem for finitely generated modules over principal ideal domains). Let $R$ be a principal ideal domain and $M \neq \{0\}$ be a finitely generated (unitary) $R$-module. Then there exist prime elements $\pi_1, \dots, \pi_r \in R$, $0 \leq r < \infty$, and numbers $k_1, \dots, k_r \in \mathbb{N}$, $t \in \mathbb{N}_0$, such that
$$M \cong R/(\pi_1^{k_1}) \oplus R/(\pi_2^{k_2}) \oplus \cdots \oplus R/(\pi_r^{k_r}) \oplus \underbrace{R \oplus \cdots \oplus R}_{t\text{-times}},$$
and $M$ is, up to isomorphism, uniquely determined by $(\pi_1^{k_1}, \dots, \pi_r^{k_r}, t)$.
The prime elements $\pi_i$ are not necessarily pairwise different (up to units in $R$); that means, it can be $\pi_i = \varepsilon \pi_j$ for $i \neq j$, where $\varepsilon$ is a unit in $R$.

Proof. The proof is a combination of the preceding results. The free part of $M$ is isomorphic to $M/T(M)$, and the rank of $M/T(M)$, which we call here $t$, is uniquely determined, because two bases of $M/T(M)$ have the same cardinality. Therefore, we may restrict ourselves to torsion modules. Here, we have a reduction to $\pi$-primary modules, because in a decomposition $M = \bigoplus_i R/(\pi_i^{k_i})$ the $\pi$-primary component of $M$ is $M_\pi = \bigoplus_{\pi_i \sim \pi} R/(\pi_i^{k_i})$, the sum over those $i$ for which $\pi_i$ is associated to $\pi$ (an isomorphism certainly maps a $\pi$-primary component onto a $\pi$-primary component). Therefore, it is only necessary now to consider $\pi$-primary modules $M$. The uniqueness statement now follows from Theorem 18.6.7.


Since Abelian groups can be considered as $\mathbb{Z}$-modules, and $\mathbb{Z}$ is a principal ideal domain, we get the following corollary. We will restate this result in the next chapter and prove a different version of it.

Theorem 18.6.9 (Fundamental theorem for finitely generated Abelian groups). Let $\{0\} \neq G = (G, +)$ be a finitely generated Abelian group. Then there exist prime numbers $p_1, \dots, p_r$, $0 \leq r < \infty$, and numbers $k_1, \dots, k_r \in \mathbb{N}$, $t \in \mathbb{N}_0$, such that
$$G \cong \mathbb{Z}/(p_1^{k_1}\mathbb{Z}) \oplus \cdots \oplus \mathbb{Z}/(p_r^{k_r}\mathbb{Z}) \oplus \underbrace{\mathbb{Z} \oplus \cdots \oplus \mathbb{Z}}_{t\text{-times}},$$
and $G$ is, up to isomorphism, uniquely determined by $(p_1^{k_1}, \dots, p_r^{k_r}, t)$.


18.7 Exercises 


1. Let $M$ and $N$ be isomorphic modules over a commutative ring $R$. Then $\mathrm{End}_R(M)$ and $\mathrm{End}_R(N)$ are isomorphic rings. ($\mathrm{End}_R(M)$ is the set of all $R$-module endomorphisms of $M$.)

2. Let $R$ be an integral domain and $M$ an $R$-module with $M = \mathrm{Tor}(M)$ (torsion module). Show that $\mathrm{Hom}_R(M, R) = 0$. ($\mathrm{Hom}_R(M, R)$ is the set of all $R$-module homomorphisms from $M$ to $R$.)

3. Prove the isomorphism theorems for modules (1), (2), and (3) in Theorem 18.1.11.

4. Let $M, M', N$ be $R$-modules, $R$ a commutative ring. Show the following:
(i) $\mathrm{Hom}_R(M \oplus M', N) \cong \mathrm{Hom}_R(M, N) \times \mathrm{Hom}_R(M', N)$.
(ii) $\mathrm{Hom}_R(N, M \times M') \cong \mathrm{Hom}_R(N, M) \oplus \mathrm{Hom}_R(N, M')$.

5. Show that two free $R$-modules having bases whose cardinalities are equal are isomorphic.

6. Let $M$ be a unitary $R$-module ($R$ a commutative ring), and let $\{m_1, \dots, m_n\}$ be a finite subset of $M$. Show that the following are equivalent:
(i) $\{m_1, \dots, m_n\}$ generates $M$ freely.
(ii) $\{m_1, \dots, m_n\}$ is linearly independent and generates $M$.
(iii) Every element $m \in M$ is uniquely expressible in the form $m = \sum_{i=1}^{n} r_i m_i$ with $r_i \in R$.
(iv) Each $Rm_i$ is torsion-free, and $M = Rm_1 \oplus \cdots \oplus Rm_n$.

7. Let $R$ be a principal ideal domain and $M \neq \{0\}$ be an $R$-module with $M = T(M)$.
(i) Let $x_1, \dots, x_n \in M$ be pairwise different with pairwise relatively prime orders $\delta_{x_i} = \alpha_i$. Then $y = x_1 + \cdots + x_n$ has order $\alpha := \alpha_1 \cdots \alpha_n$.
(ii) Let $0 \neq x \in M$ and $\delta_x = \varepsilon \pi_1^{k_1} \cdots \pi_n^{k_n}$ be a prime decomposition of the order $\delta_x$ of $x$ ($\varepsilon$ a unit in $R$ and the $\pi_i$ pairwise nonassociate prime elements in $R$), where $n \geq 0$, $k_i > 0$. Then there exist $x_i$, $i = 1, \dots, n$, with $\delta_{x_i}$ associated with $\pi_i^{k_i}$ and $x = x_1 + \cdots + x_n$.
19.1 Finite Abelian Groups

In Chapter 10, we described the theorem below, which completely determines the structure of finite Abelian groups. As we saw in Chapter 18, this result is a special case of a general result on modules over principal ideal domains.


Theorem 19.1.1 (Theorem 10.4.1, basis theorem for finite Abelian groups). Let $G$ be a finite Abelian group. Then $G$ is a direct product of cyclic groups of prime power order.


We review two examples that show how this theorem leads to the classification of finite Abelian groups. In particular, this theorem allows us, for a given finite order $n$, to present a complete classification of Abelian groups of order $n$.

Since all cyclic groups of order $n$ are isomorphic to $(\mathbb{Z}_n, +)$, $\mathbb{Z}_n = \mathbb{Z}/n\mathbb{Z}$, we will denote a cyclic group of order $n$ by $\mathbb{Z}_n$.


Example 19.1.2. Classify all Abelian groups of order $60$. Let $G$ be an Abelian group of order $60$. From Theorem 10.4.1, $G$ must be a direct product of cyclic groups of prime power order. Now $60 = 2^2 \cdot 3 \cdot 5$, so the only primes involved are $2$, $3$, and $5$. Hence, the cyclic groups involved in the direct product decomposition of $G$ have order either $2$, $4$, $3$, or $5$ (by Lagrange's theorem they must be divisors of $60$). Therefore, $G$ must be of the form
$$G = \mathbb{Z}_4 \times \mathbb{Z}_3 \times \mathbb{Z}_5,$$
or
$$G = \mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_3 \times \mathbb{Z}_5.$$
Hence, up to isomorphism, there are only two Abelian groups of order $60$.


Example 19.1.3. Classify all Abelian groups of order $180$. Let $G$ be an Abelian group of order $180$. Now $180 = 2^2 \cdot 3^2 \cdot 5$, so the only primes involved are $2$, $3$, and $5$. Hence, the cyclic groups involved in the direct product decomposition of $G$ have order either $2$, $4$, $3$, $9$, or $5$ (by Lagrange's theorem they must be divisors of $180$). Therefore, $G$ must be of the form
$$G = \mathbb{Z}_4 \times \mathbb{Z}_9 \times \mathbb{Z}_5,$$
$$G = \mathbb{Z}_4 \times \mathbb{Z}_3 \times \mathbb{Z}_3 \times \mathbb{Z}_5,$$
$$G = \mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_9 \times \mathbb{Z}_5,$$
$$G = \mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_3 \times \mathbb{Z}_3 \times \mathbb{Z}_5.$$
Therefore, up to isomorphism, there are four Abelian groups of order $180$.
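The reasoning of Examples 19.1.2 and 19.1.3 is mechanical: for $n = p_1^{e_1} \cdots p_k^{e_k}$, a group of order $n$ is determined, by Theorem 19.1.1, by choosing for each prime $p_i$ a partition of the exponent $e_i$ (the exponents of the cyclic factors of $p_i$-power order). The following Python code is an added example, not from the book, that enumerates the groups this way and reproduces the counts $2$ and $4$ for the orders $60$ and $180$; it works for any $n$, and its function names are the example's own.

```python
from itertools import product

# Added example (not from the book).  By Theorem 19.1.1 an Abelian group of
# order n = p_1^{e_1} ... p_k^{e_k} is a product of cyclic groups of prime power
# order, so the isomorphism classes correspond to one partition of e_i per prime
# p_i: the partition (a_1, ..., a_m) of e_i contributes Z_{p_i^{a_1}} x ... x Z_{p_i^{a_m}}.


def factorize(n):
    """Return [(p, e), ...] with n = prod p**e (trial division)."""
    out, p = [], 2
    while p * p <= n:
        e = 0
        while n % p == 0:
            n //= p
            e += 1
        if e:
            out.append((p, e))
        p += 1
    if n > 1:
        out.append((n, 1))
    return out


def partitions(e, largest=None):
    """Non-increasing partitions of e, e.g. 2 -> [[2], [1, 1]]."""
    if e == 0:
        return [[]]
    largest = e if largest is None else largest
    result = []
    for first in range(min(e, largest), 0, -1):
        for rest in partitions(e - first, first):
            result.append([first] + rest)
    return result


def abelian_groups(n):
    """Each group as a list of cyclic orders, e.g. [4, 3, 5] for Z_4 x Z_3 x Z_5."""
    choices = [[[p ** a for a in part] for part in partitions(e)]
               for p, e in factorize(n)]
    return [sum(parts, []) for parts in product(*choices)]


def describe(orders):
    return " x ".join(f"Z_{m}" for m in orders)


if __name__ == "__main__":
    for n in (60, 180):
        groups = abelian_groups(n)
        print(f"order {n}: {len(groups)} groups up to isomorphism")
        for g in groups:
            print("  ", describe(g))
```

For $60 = 2^2 \cdot 3 \cdot 5$ only the exponent $2$ of the prime $2$ has more than one partition, which gives the two groups of Example 19.1.2; for $180 = 2^2 \cdot 3^2 \cdot 5$ both $2$ and $3$ carry two partitions, giving the four groups of Example 19.1.3.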
The proof of Theorem 19.1.1 involves the lemmas that follow. We refer back to Chapter 10 or Chapter 18 for the proofs. Notice how these lemmas mirror the results for finitely generated modules over principal ideal domains considered in the last chapter.


Lemma 19.1.4. Let $G$ be a finite Abelian group, and let $p \mid |G|$, where $p$ is a prime. Then all the elements of $G$ whose orders are a power of $p$ form a normal subgroup of $G$. This subgroup is called the $p$-primary component of $G$, which we will denote by $G_p$.

Lemma 19.1.5. Let $G$ be a finite Abelian group of order $n$. Suppose that $n = p_1^{e_1} \cdots p_k^{e_k}$ with $p_1, \dots, p_k$ distinct primes.
Then

where $G_{p_i}$ is the $p_i$-primary component of $G$.

Theorem 19.1.6 (Basis theorem for finite Abelian groups). Let $G$ be a finite Abelian group. Then $G$ is a direct product of cyclic groups of prime power order.


19.2 The Fundamental Theorem: p-Primary Components 


In this section, we use the fundamental theorem for finitely generated modules over 
principal ideal domains to extend the basis theorem for finite Abelian groups to the more 
general case of finitely generated Abelian groups. We also consider the decomposition 
into p-primary components, mirroring our result in the finite case. In the next section, 
we present a different form of the basis theorem with a more elementary proof. 

In Chapter 18, we proved the following: 


Theorem 19.2.1 (Fundamental theorem for finitely generated modules over principal ideal domains). Let $R$ be a principal ideal domain and $M \neq \{0\}$ be a finitely generated (unitary) $R$-module. Then there exist prime elements $\pi_1, \dots, \pi_r \in R$, $0 \leq r < \infty$, and numbers $k_1, \dots, k_r \in \mathbb{N}$, $t \in \mathbb{N}_0$, such that
$$M \cong R/(\pi_1^{k_1}) \oplus R/(\pi_2^{k_2}) \oplus \cdots \oplus R/(\pi_r^{k_r}) \oplus \underbrace{R \oplus \cdots \oplus R}_{t\text{-times}},$$
and $M$ is, up to isomorphism, uniquely determined by $(\pi_1^{k_1}, \dots, \pi_r^{k_r}, t)$.

The prime elements $\pi_i$ are not necessarily pairwise different (up to units in $R$); that means, it can be $\pi_i = \varepsilon \pi_j$ for $i \neq j$, where $\varepsilon$ is a unit in $R$.

Since Abelian groups can be considered as Z-modules, and Z is a principal ideal 
domain, we get the following corollary, which is extremely important in its own right. 
Theorem 19.2.2 (Fundamental theorem for finitely generated Abelian groups). Suppose $\{0\} \neq G = (G, +)$ is a finitely generated Abelian group. Then there exist prime numbers $p_1, \dots, p_r$, $0 \leq r < \infty$, and numbers $k_1, \dots, k_r \in \mathbb{N}$, $t \in \mathbb{N}_0$, such that
$$G \cong \mathbb{Z}/(p_1^{k_1}\mathbb{Z}) \oplus \cdots \oplus \mathbb{Z}/(p_r^{k_r}\mathbb{Z}) \oplus \underbrace{\mathbb{Z} \oplus \cdots \oplus \mathbb{Z}}_{t\text{-times}},$$
and $G$ is, up to isomorphism, uniquely determined by $(p_1^{k_1}, \dots, p_r^{k_r}, t)$.


Notice that the number $t$ of infinite components is unique. This is called the rank or Betti number of the Abelian group $G$. This number plays an important role in the study of homology and cohomology groups in topology.

If $G = \mathbb{Z} \times \mathbb{Z} \times \cdots \times \mathbb{Z} = \mathbb{Z}^r$ for some $r$, we call $G$ a free Abelian group of rank $r$. Notice that if an Abelian group $G$ is torsion-free, then the $p$-primary components are just the identity. It follows that, in this case, $G$ is a free Abelian group of finite rank. Again, using module theory, it follows that subgroups of such a group must also be free Abelian and of smaller or equal rank. Notice the distinction between free Abelian groups and absolutely free groups (see Chapter 14). In the free group case, a non-Abelian free group of finite rank contains free subgroups of all possible countable ranks. In the free Abelian case, however, the subgroups have smaller or equal rank. We summarize these comments as follows:

Theorem 19.2.3. Let $G \neq \{0\}$ be a finitely generated torsion-free Abelian group. Then $G$ is a free Abelian group of finite rank $r$; that is, $G \cong \mathbb{Z}^r$. Furthermore, if $H$ is a subgroup of $G$, then $H$ is also free Abelian, and the rank of $H$ is smaller than or equal to the rank of $G$.


19.3 The Fundamental Theorem: Elementary Divisors 


In this section, we present the fundamental theorem of finitely generated Abelian 
groups in a slightly different form, and present an elementary proof of it. 

In the following, G is always a finitely generated Abelian group. We use the addition 
“4” for the binary operation; that is, 


+:GxG->G, (%y) x+y. 


We also write ng instead of g”, and use 0 as the symbol for the identity element in G; 
that is,0+g = gforallg ¢ G.G = (8},...,g;), 0 < t < oo. That is, G is (finitely) 
generated by g,...,g;, is equivalent to the fact that each g € G can be written in the 
form g = N48) + MZ. +--+ + Ng, nN; € Z. A relation between the g; with coefficients 
Ny,...,N, is then each an equation of the form ng, + --- + n,g; = 0. A relation is called 
nontrivial if n; # 0 for at least one i. A system R of relations in G is called a system of 
defining relations, if each relation in Gis a consequence of R. The elements g;,..., g; are 
called integrally linear independent if there are no nontrivial relations between them. 
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A finite generating system {g;,...,2,} of Gis called a minimal generating system if there 
is no generating system with t — 1 elements. 

Certainly, each finitely generated group has a minimal generating system. In what 
follow, we always assume that our finitely generated Abelian group G is unequal {0}; 
that is, G is nontrivial. 

As above, we may consider G as a finitely generated Z-module, and in this sense, 
the subgroups of G are precisely the submodules. Hence, it is clear what we mean if we 
call G a direct product G = U, x --- x U, ofits subgroups U;,...,U,; namely, each g « G 
can be written as g = U, + U, +--- + U, With u; € U; and 


s 

un I] x) = {0}. 
jaijti 

To emphasize the little difference between Abelian groups and Z-modules, here we 


use the notation “direct product” instead of “direct sum”. Considered as Z-modules, for 
finite index sets I = {1,...,s}, we have anyway 


Finally, we use the notation Z,, instead of Z/nZ, n € IN. In general, we use Z,, to be 
a cyclic group of order n. 
The aim in this section is to prove the following: 


Theorem 19.3.1 (Basis theorem for finitely generated Abelian groups). Let $G \ne \{0\}$ be a 
finitely generated Abelian group. Then $G$ is a direct product 

$$G = \mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_r} \times U_1 \times \cdots \times U_s,$$

$r \ge 0$, $s \ge 0$, of cyclic subgroups with $|\mathbb{Z}_{k_i}| = k_i$ for $i = 1, \ldots, r$, $k_i \mid k_{i+1}$ for $i = 1, \ldots, r-1$, 
and $U_j \cong \mathbb{Z}$ for $j = 1, \ldots, s$. Here, the numbers $k_1, \ldots, k_r$, $r$, and $s$ are uniquely determined 
by $G$; that means, if $k'_1, \ldots, k'_{r'}$, $r'$ and $s'$ are the respective numbers for a second analogous 
decomposition of $G$, then $r = r'$, $k_1 = k'_1, \ldots, k_r = k'_r$, and $s = s'$. 


The numbers $k_i$ are called the elementary divisors of $G$. 

We can have $r = 0$ or $s = 0$ (but not both, because $G \ne \{0\}$). If $s > 0$, $r = 0$, then $G$ is a 
free Abelian group of rank $s$ (exactly the same rank if you consider $G$ as a free $\mathbb{Z}$-module 
of rank $s$). If $s = 0$, then $G$ is finite. In fact, $s = 0$ if and only if $G$ is finite. 

We first prove some preliminary results: 


Lemma 19.3.2. Let $G = \langle g_1, \ldots, g_t \rangle$, $t \ge 2$, be an Abelian group. 
Then also $G = \langle g_1 + \sum_{i=2}^{t} m_i g_i,\ g_2, \ldots, g_t \rangle$ for arbitrary $m_2, \ldots, m_t \in \mathbb{Z}$. 


Lemma 19.3.3. Let $G$ be a finitely generated Abelian group. Among all nontrivial relations 
between elements of minimal generating systems of $G$, we choose one relation, 

$$m_1 g_1 + \cdots + m_t g_t = 0 \qquad (*)$$

with smallest possible positive coefficient, and let this smallest coefficient be $m_1$. Let 

$$n_1 g_1 + \cdots + n_t g_t = 0 \qquad (**)$$

be another relation between the same generators $g_1, \ldots, g_t$. Then 
(1) $m_1 \mid n_1$ and 
(2) $m_1 \mid m_i$ for $i = 1, 2, \ldots, t$. 


Proof. For (1), assume $m_1 \nmid n_1$. Then $n_1 = q m_1 + m'_1$ with $0 < m'_1 < m_1$. If we multiply the 
relation $(*)$ with $q$ and subtract the resulting relation from the relation $(**)$, then we get 
a relation with a coefficient $m'_1 < m_1$, contradicting the choice of $m_1$. Hence, $m_1 \mid n_1$. 

For (2), assume $m_1 \nmid m_2$. Then $m_2 = q m_1 + m'_1$ with $0 < m'_1 < m_1$. $\{g_1 + q g_2, g_2, \ldots, g_t\}$ 
is a minimal generating system, which satisfies the relation 

$$m_1 (g_1 + q g_2) + m'_1 g_2 + m_3 g_3 + \cdots + m_t g_t = 0,$$

and this relation has a coefficient $m'_1 < m_1$. This again contradicts the choice of $m_1$. 
Hence, $m_1 \mid m_2$, and furthermore, $m_1 \mid m_i$ for $i = 1, \ldots, t$. 


Lemma 19.3.4 (Invariant characterization of $k_r$ for finite Abelian groups $G$). Consider the 
group $G = \mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_r}$ with $\mathbb{Z}_{k_i}$ finite cyclic of order $k_i \ge 2$, $i = 1, \ldots, r$, and $k_i \mid k_{i+1}$ for 
$i = 1, \ldots, r-1$. Then $k_r$ is the smallest natural number $n$ such that $ng = 0$ for all $g \in G$. $k_r$ 
is called the exponent or the maximal order of $G$. 


Proof. Let $g \in G$ be arbitrary; that is, $g = n_1 g_1 + \cdots + n_r g_r$ with $g_i \in \mathbb{Z}_{k_i}$. Then $k_i g_i = 0$ for 
$i = 1, \ldots, r$ by the theorem of Fermat. Since $k_i \mid k_r$, we get $k_r g = n_1 k_r g_1 + \cdots + n_r k_r g_r = 0$. Let 
$a \in G$ with $\mathbb{Z}_{k_r} = \langle a \rangle$. Then the order of $a$ is $k_r$ and, hence, $na \ne 0$ for all $0 < n < k_r$. 


Lemma 19.3.5 (Invariant characterization of $s$). Let $G = \mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_r} \times U_1 \times \cdots \times U_s$, $s > 0$, 
where the $\mathbb{Z}_{k_i}$ are finite cyclic groups of order $k_i$, and the $U_j$ are infinite cyclic groups. Then 
$s$ is the maximal number of integrally linear independent elements of $G$; $s$ is called the rank 
of $G$. 


Proof. Let $g_i \in U_i$, $g_i \ne 0$, for $i = 1, \ldots, s$. Then the $g_1, \ldots, g_s$ are integrally linear inde- 
pendent, because from $n_1 g_1 + \cdots + n_s g_s = 0$, the $n_i \in \mathbb{Z}$, we get 

$$n_1 g_1 \in U_1 \cap (U_2 \times \cdots \times U_s) = \{0\}.$$

Hence, $n_1 g_1 = 0$; that is, $n_1 = 0$, because $g_1$ has infinite order. Analogously, we get $n_2 = 
\cdots = n_s = 0$. 
Let $g_1, \ldots, g_{s+1} \in G$. We look for integers $x_1, \ldots, x_{s+1}$, not all $0$, such that a relation 
$\sum_{i=1}^{s+1} x_i g_i = 0$ holds. Let $\mathbb{Z}_{k_j} = \langle a_j \rangle$, $U_j = \langle b_j \rangle$. Then we may write each $g_i$ as 

$$g_i = m_{i1} a_1 + \cdots + m_{ir} a_r + n_{i1} b_1 + \cdots + n_{is} b_s$$

for $i = 1, \ldots, s+1$, where $m_{ij} a_j \in \mathbb{Z}_{k_j}$ and $n_{ij} b_j \in U_j$. 

Case 1: all $m_{ij} a_j = 0$. Then $\sum_{i=1}^{s+1} x_i g_i = 0$ is equivalent to 

$$\sum_{i=1}^{s+1} x_i \Big( \sum_{j=1}^{s} n_{ij} b_j \Big) = \sum_{j=1}^{s} \Big( \sum_{i=1}^{s+1} n_{ij} x_i \Big) b_j = 0.$$

The system $\sum_{i=1}^{s+1} n_{ij} x_i = 0$, $j = 1, \ldots, s$, of linear equations has at least one nontrivial ra- 
tional solution $(x_1, \ldots, x_{s+1})$, because we have more unknowns than equations. Multipli- 
cation with the common denominator gives a nontrivial integral solution $(x_1, \ldots, x_{s+1}) \in 
\mathbb{Z}^{s+1}$. For this solution, we get 

$$\sum_{i=1}^{s+1} x_i g_i = 0.$$

Case 2: $m_{ij} a_j$ arbitrary. Let $k \ne 0$ be a common multiple of the orders $k_j$ of the cyclic 
groups $\mathbb{Z}_{k_j}$, $j = 1, \ldots, r$. Then 

$$k g_i = \underbrace{m_{i1} k a_1 + \cdots + m_{ir} k a_r}_{=0} + n_{i1} k b_1 + \cdots + n_{is} k b_s$$

for $i = 1, \ldots, s+1$. By Case 1, the $k g_1, \ldots, k g_{s+1}$ are integrally linear dependent; that is, we 
have integers $x_1, \ldots, x_{s+1}$, not all $0$, with $\sum_{i=1}^{s+1} x_i (k g_i) = 0 = \sum_{i=1}^{s+1} (x_i k) g_i$, and the $x_i k$ are 
not all $0$. Hence, also $g_1, \ldots, g_{s+1}$ are integrally linear dependent. 


Lemma 19.3.6. Let $G := \mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_r} \cong \mathbb{Z}_{k'_1} \times \cdots \times \mathbb{Z}_{k'_{r'}} =: G'$, the $\mathbb{Z}_{k_i}$, $\mathbb{Z}_{k'_j}$ cyclic groups 
of orders $k_i \ne 1$ and $k'_j \ne 1$, respectively, and $k_i \mid k_{i+1}$ for $i = 1, \ldots, r-1$ and $k'_j \mid k'_{j+1}$ for 
$j = 1, \ldots, r'-1$. Then $r = r'$, and $k_1 = k'_1$, $k_2 = k'_2, \ldots, k_r = k'_r$. 


Proof. We prove this lemma by induction on the group order $|G| = |G'|$. Certainly, 
Lemma 19.3.6 holds if $|G| \le 2$, because then either $G = \{0\}$, and here $r = r' = 0$, or 
$G \cong \mathbb{Z}_2$, and here $r = r' = 1$. Now let $|G| > 2$. Then, in particular, $r \ge 1$. Inductively, we 
assume that Lemma 19.3.6 holds for all finite Abelian groups of order less than $|G|$. By 
Lemma 19.3.4 the number $k_r$ is invariantly characterized; that is, from $G \cong G'$ follows 
$k_r = k'_{r'}$, that is especially, $\mathbb{Z}_{k_r} \cong \mathbb{Z}_{k'_{r'}}$. Then $G / \mathbb{Z}_{k_r} \cong G' / \mathbb{Z}_{k'_{r'}}$, that is, 

$$\mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_{r-1}} \cong \mathbb{Z}_{k'_1} \times \cdots \times \mathbb{Z}_{k'_{r'-1}}.$$

Inductively, $r - 1 = r' - 1$; that is, $r = r'$, and $k_1 = k'_1, \ldots, k_{r-1} = k'_{r-1}$. 


We can now present the main result, which we state again, and its proof. 


Theorem 19.3.7 (Basis theorem for finitely generated Abelian groups). Let $G \ne \{0\}$ be a 
finitely generated Abelian group. Then $G$ is a direct product 

$$G = \mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_r} \times U_1 \times \cdots \times U_s, \qquad r \ge 0,\ s \ge 0,$$

of cyclic subgroups with $|\mathbb{Z}_{k_i}| = k_i$ for $i = 1, \ldots, r$, $k_i \mid k_{i+1}$ for $i = 1, \ldots, r-1$, and $U_j \cong \mathbb{Z}$ for 
$j = 1, \ldots, s$. Here, the numbers $k_1, \ldots, k_r$, $r$, and $s$ are uniquely determined by $G$; that means, 
if $k'_1, \ldots, k'_{r'}$, $r'$, and $s'$ are the respective numbers for a second analogous decomposition 
of $G$, then $r = r'$, $k_1 = k'_1, \ldots, k_r = k'_r$, and $s = s'$. 

Proof. We first prove the existence of the given decomposition. Let $G \ne \{0\}$ be a finitely 
generated Abelian group. Let $t$, $0 < t < \infty$, be the number of elements in a minimal 
generating system of $G$. We have to show that $G$ is decomposable as a direct product of 
$t$ cyclic groups with the given description. We prove this by induction on $t$. If $t = 1$, then 
the basis theorem is correct. Now let $t \ge 2$, and assume that the assertion holds for all 
Abelian groups with fewer than $t$ generators. 

Case 1: There does not exist a minimal generating system of $G$ which satisfies a 
nontrivial relation. Let $\{g_1, \ldots, g_t\}$ be an arbitrary minimal generating system for $G$. Let 
$U_i = \langle g_i \rangle$. Then all $U_i$ are infinite cyclic, and we have $G = U_1 \times \cdots \times U_t$, because if, for 
instance, $U_1 \cap (U_2 + \cdots + U_t) \ne \{0\}$, then we must have a nontrivial relation between the 
$g_1, \ldots, g_t$. 

Case 2: There exist minimal generating systems of $G$ which satisfy nontrivial rela- 
tions. Among all nontrivial relations between elements of minimal generating systems 
of $G$, we choose one relation, 

$$m_1 g_1 + \cdots + m_t g_t = 0 \qquad (*)$$

with smallest possible positive coefficient. Without loss of generality, let $m_1$ be this coef- 
ficient. By Lemma 19.3.3, we get $m_2 = q_2 m_1, \ldots, m_t = q_t m_1$. Now, 

$$\Big\{ g_1 + \sum_{i=2}^{t} q_i g_i,\ g_2, \ldots, g_t \Big\}$$

is a minimal generating system of $G$ by Lemma 19.3.2. Define $h_1 = g_1 + \sum_{i=2}^{t} q_i g_i$; then 
$m_1 h_1 = 0$. If $n_1 h_1 + n_2 g_2 + \cdots + n_t g_t = 0$ is an arbitrary relation between $h_1, g_2, \ldots, g_t$, 
then $m_1 \mid n_1$ by Lemma 19.3.3; hence, $n_1 h_1 = 0$. Define $H_1 := \langle h_1 \rangle$, and $G' = \langle g_2, \ldots, g_t \rangle$. 
Then $G = H_1 \times G'$. This we can see as follows: First, each $g \in G$ can be written as $g = 
m_1 h_1 + m_2 g_2 + \cdots + m_t g_t = m_1 h_1 + g'$ with $g' \in G'$. Also $H_1 \cap G' = \{0\}$, because $m h_1 = g' \in G'$ 
implies a relation $n_1 h_1 + n_2 g_2 + \cdots + n_t g_t = 0$, and from this we get, as above, $n_1 h_1 = g' = 0$. 
Now, inductively, $G' = \mathbb{Z}_{k_2} \times \cdots \times \mathbb{Z}_{k_r} \times U_1 \times \cdots \times U_s$ with $\mathbb{Z}_{k_i}$ a cyclic group of order $k_i$, 
$i = 2, \ldots, r$, $k_i \mid k_{i+1}$ for $i = 2, \ldots, r-1$, $U_j \cong \mathbb{Z}$ for $j = 1, \ldots, s$, and $(r-1) + s = t-1$; that is, 
$r + s = t$. Furthermore, $G = H_1 \times G'$, where $H_1$ is cyclic of order $m_1$. If $r \ge 2$ and $\mathbb{Z}_{k_2} = \langle h_2 \rangle$, 
then we get a nontrivial relation 

$$\underbrace{m_1 h_1}_{=0} + \underbrace{k_2 h_2}_{=0} = 0,$$

since $k_2 \ne 0$. Again $m_1 \mid k_2$ by Lemma 19.3.3. This gives the desired decomposition. 
We now prove the uniqueness statement. 

Case 1: $G$ is finite Abelian. Then the claim follows from Lemma 19.3.6. 

Case 2: $G$ is arbitrary finitely generated and Abelian. Let $T := \{x \in G : |x| < \infty\}$; that 
is, the set of elements of $G$ of finite order. Since $G$ is Abelian, $T$ is a subgroup of $G$, the so- 
called torsion subgroup of $G$. If, as above, 

$$G = \mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_r} \times U_1 \times \cdots \times U_s,$$

then $T = \mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_r}$, because an element $b_1 + \cdots + b_r + c_1 + \cdots + c_s$, $b_i \in \mathbb{Z}_{k_i}$, 
$c_j \in U_j$, has finite order if and only if all $c_j = 0$. That means: $\mathbb{Z}_{k_1} \times \cdots \times \mathbb{Z}_{k_r}$ is indepen- 
dent of the special decomposition, uniquely determined by $G$; hence, also the numbers 
$r, k_1, \ldots, k_r$ by Lemma 19.3.6. Finally, the number $s$, the rank of $G$, is uniquely determined 
by Lemma 19.3.5. 


As a corollary, we get the fundamental theorem for finitely generated Abelian 
groups as given in Theorem 19.2.1. 


Theorem 19.3.8. Let $\{0\} \ne G = (G, +)$ be a finitely generated Abelian group. Then there 
exist prime numbers $p_1, \ldots, p_r$, $0 \le r < \infty$, and numbers $k_1, \ldots, k_r \in \mathbb{N}$, $t \in \mathbb{N}_0$ such that 

$$G \cong \mathbb{Z}_{p_1^{k_1}} \times \cdots \times \mathbb{Z}_{p_r^{k_r}} \times \underbrace{\mathbb{Z} \times \cdots \times \mathbb{Z}}_{t\text{-times}}$$

and $G$ is, up to isomorphism, uniquely determined by $(p_1^{k_1}, \ldots, p_r^{k_r}, t)$. 


Proof. For the existence, we only have to show that $\mathbb{Z}_{mn} \cong \mathbb{Z}_n \times \mathbb{Z}_m$ if $\gcd(m, n) = 1$. 
For this, we write $U_n = \langle m + mn\mathbb{Z} \rangle < \mathbb{Z}_{mn}$, $U_m = \langle n + mn\mathbb{Z} \rangle < \mathbb{Z}_{mn}$, and $U_n \cap U_m = 
\{mn\mathbb{Z}\}$, because $\gcd(m, n) = 1$. Furthermore, there are $h, k \in \mathbb{Z}$ with $1 = hm + kn$. Hence, 
$1 + mn\mathbb{Z} = h(m + mn\mathbb{Z}) + k(n + mn\mathbb{Z})$, and therefore $\mathbb{Z}_{mn} = U_n \times U_m \cong \mathbb{Z}_n \times \mathbb{Z}_m$. 

For the uniqueness statement, we may reduce the problem to the case $|G| = p^k$ for a 
prime number $p$ and $k \in \mathbb{N}$. But here the result follows directly from Lemma 19.3.6. 


From this proof, we automatically get the Chinese remainder theorem for the case 
$\mathbb{Z}_n = \mathbb{Z}/n\mathbb{Z}$. 


Theorem 19.3.9 (Chinese remainder theorem). Let $m_1, \ldots, m_r \in \mathbb{N}$ with $r \ge 2$ and 

$\gcd(m_i, m_j) = 1$ for $i \ne j$. Define $m := m_1 \cdots m_r$. 

(1) $\pi : \mathbb{Z}_m \to \mathbb{Z}_{m_1} \times \cdots \times \mathbb{Z}_{m_r}$, $a + m\mathbb{Z} \mapsto (a + m_1\mathbb{Z}, \ldots, a + m_r\mathbb{Z})$, defines a ring isomor- 
phism. 

(2) The restriction of $\pi$ on the multiplicative group of the prime residue classes defines a 
group isomorphism $\mathbb{Z}_m^{*} \to \mathbb{Z}_{m_1}^{*} \times \cdots \times \mathbb{Z}_{m_r}^{*}$. 

(3) For $a_1, \ldots, a_r \in \mathbb{Z}$, there exists modulo $m$ exactly one $x \in \mathbb{Z}$ with $x \equiv a_i \pmod{m_i}$ for 
$i = 1, \ldots, r$. 


Recall that for $k \in \mathbb{N}$, a prime residue class is defined by $a + k\mathbb{Z}$ with $\gcd(a, k) = 1$. 
The set of prime residue classes modulo $k$ is certainly a multiplicative group. 
Proof. By Theorem 19.3.1, we get that $\pi$ is an additive group isomorphism, which can be 
extended directly to a ring isomorphism via 

$$(a + m\mathbb{Z})(b + m\mathbb{Z}) \mapsto (ab + m_1\mathbb{Z}, \ldots, ab + m_r\mathbb{Z}).$$

The remaining statements are now obvious. 
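The map $\pi$ of Theorem 19.3.9 and its inverse, as an added worked example in Python (not code from the book): the inverse is built pairwise from the Bezout step $1 = hm + kn$ used in the proof of Theorem 19.3.8, and `verify_crt_isomorphism` is my own brute-force check of parts (1) and (2) for small moduli, which also shows what fails when the moduli are not coprime.

```python
from math import gcd, prod


def ext_gcd(a, b):
    """Extended Euclid: returns (g, h, k) with g = gcd(a, b) = h*a + k*b."""
    if b == 0:
        return (a, 1, 0)
    g, h, k = ext_gcd(b, a % b)
    return (g, k, h - (a // b) * k)


def pi(a, moduli):
    """The map of Theorem 19.3.9 (1): a + mZ -> (a + m_1 Z, ..., a + m_r Z)."""
    return tuple(a % mi for mi in moduli)


def crt_inverse(residues, moduli):
    """Inverse of pi for pairwise coprime moduli, assembled one modulus at a time
    exactly as the proof of Theorem 19.3.8 does for Z_{mn}: with 1 = h*m + k*n,
    the class k*n + mnZ is 1 mod m and 0 mod n, while h*m + mnZ is 0 mod m and
    1 mod n, so a residue pair (x mod m, a_i mod n) lifts to x*k*n + a_i*h*m."""
    x, m = residues[0] % moduli[0], moduli[0]
    for ai, n in zip(residues[1:], moduli[1:]):
        g, h, k = ext_gcd(m, n)            # g = h*m + k*n
        if g != 1:
            raise ValueError(f"moduli {m} and {n} are not coprime")
        x = (x * k * n + ai * h * m) % (m * n)
        m *= n
    return x                               # the unique class modulo m_1 ... m_r


def verify_crt_isomorphism(moduli):
    """Brute-force check of Theorem 19.3.9 (1) and (2) over all of Z_m, for small
    moduli: pi is a bijection compatible with + and *, crt_inverse undoes it, and
    a + mZ is a prime residue class exactly when every component a + m_i Z is one.
    Returns False for non-coprime moduli, where pi is not even injective."""
    m = prod(moduli)
    classes = range(m)
    if len({pi(a, moduli) for a in classes}) != m:
        return False                       # not injective, so no isomorphism
    for a in classes:
        image_a = pi(a, moduli)
        # part (2): units correspond to componentwise units
        if (gcd(a, m) == 1) != all(gcd(a, mi) == 1 for mi in moduli):
            return False
        if crt_inverse(list(image_a), moduli) != a:
            return False
        for b in classes:
            image_b = pi(b, moduli)
            add = tuple((x + y) % mi for x, y, mi in zip(image_a, image_b, moduli))
            mul = tuple((x * y) % mi for x, y, mi in zip(image_a, image_b, moduli))
            if pi((a + b) % m, moduli) != add or pi((a * b) % m, moduli) != mul:
                return False
    return True
```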


Let $A(n)$ be the number of nonisomorphic finite Abelian groups that have order 
$n = p_1^{k_1} \cdots p_r^{k_r}$, $r \ge 1$, with pairwise different primes $p_1, \ldots, p_r$ and $k_1, \ldots, k_r \in \mathbb{N}$. By 
Theorem 19.2.2, we have $A(n) = A(p_1^{k_1}) \cdots A(p_r^{k_r})$. Hence, to calculate $A(n)$, we have to 
calculate $A(p^m)$ for a prime number $p$ and a natural number $m \in \mathbb{N}$. Again, by Theo- 
rem 19.2.2, we get $G \cong \mathbb{Z}_{p^{m_1}} \times \cdots \times \mathbb{Z}_{p^{m_k}}$, all $m_i \ge 1$, if $G$ is Abelian of order $p^m$. If we 
compare the orders, we get $m = m_1 + \cdots + m_k$. We may order the $m_i$ by size. A $k$-tuple 
$(m_1, \ldots, m_k)$ with $0 < m_1 \le m_2 \le \cdots \le m_k$ and $m_1 + m_2 + \cdots + m_k = m$ is called a partition 
of $m$. From above, each Abelian group of order $p^m$ gives a partition $(m_1, \ldots, m_k)$ of $m$ for 
some $k$ with $1 \le k \le m$. On the other hand, each partition $(m_1, \ldots, m_k)$ of $m$ gives an 
Abelian group of order $p^m$, namely $\mathbb{Z}_{p^{m_1}} \times \cdots \times \mathbb{Z}_{p^{m_k}}$. Theorem 19.2.2 shows that different 
partitions give nonisomorphic groups. If we define $p(m)$ to be the number of partitions 
of $m$, then we get the following: $A(p^m) = p(m)$, and $A(p_1^{k_1} \cdots p_r^{k_r}) = p(k_1) \cdots p(k_r)$. 
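The counting argument above carried out in Python, as an added example that is not from the book: `abelian_groups` lists every Abelian group of order $n$ in the primary form of Theorem 19.3.8, `invariant_factors` converts the same list into the elementary divisor form $k_1 \mid k_2 \mid \cdots \mid k_r$ of Theorem 19.3.1 (padding each prime's partition with zero exponents and multiplying column-wise, my own construction), and `A` is the product formula $A(n) = p(k_1) \cdots p(k_r)$.

```python
from functools import lru_cache
from itertools import product
from math import prod


def factorize(n):
    """Trial division: n = p_1^{k_1} ... p_r^{k_r} as the list [(p_1, k_1), ...]."""
    factors, p = [], 2
    while p * p <= n:
        k = 0
        while n % p == 0:
            n //= p
            k += 1
        if k:
            factors.append((p, k))
        p += 1
    if n > 1:
        factors.append((n, 1))
    return factors


def partitions(m, max_part=None):
    """All partitions of m as nondecreasing tuples (m_1 <= ... <= m_k), m_i >= 1,
    generated by choosing the largest part first and partitioning the rest."""
    if max_part is None:
        max_part = m
    if m == 0:
        yield ()
        return
    for largest in range(min(m, max_part), 0, -1):
        for rest in partitions(m - largest, largest):
            yield rest + (largest,)


@lru_cache(maxsize=None)
def p(m, max_part=None):
    """The partition number p(m), counted with the same recursion but without listing."""
    if max_part is None:
        max_part = m
    if m == 0:
        return 1
    return sum(p(m - largest, largest) for largest in range(min(m, max_part), 0, -1))


def abelian_groups(n):
    """Every Abelian group of order n up to isomorphism, each written as the sorted
    tuple of prime-power orders of its cyclic factors (Theorem 19.3.8)."""
    per_prime = [[tuple(q ** e for e in part) for part in partitions(k)]
                 for q, k in factorize(n)]
    return sorted(tuple(sorted(sum(choice, ()))) for choice in product(*per_prime))


def invariant_factors(n):
    """The same groups as tuples (k_1, ..., k_r) with k_i | k_{i+1} (Theorem 19.3.1):
    pad each prime's partition on the left with zero exponents to a common length r,
    then k_i is the product over the primes of q^(i-th exponent)."""
    primes = factorize(n)
    result = []
    for choice in product(*[list(partitions(k)) for _, k in primes]):
        r = max((len(part) for part in choice), default=0)
        padded = [(0,) * (r - len(part)) + part for part in choice]
        result.append(tuple(prod(q ** col[i] for (q, _), col in zip(primes, padded))
                            for i in range(r)))
    return sorted(result)


def A(n):
    """Number of nonisomorphic Abelian groups of order n: A(n) = p(k_1) ... p(k_r)."""
    return prod(p(k) for _, k in factorize(n))
```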


19.4 Exercises 


1. Let $H$ be a finitely generated Abelian group, which is the homomorphic image of a 
torsion-free Abelian group of finite rank $n$. Show that $H$ is the direct sum of $\le n$ 
cyclic groups. 

2. Determine (up to isomorphism) all groups of order $p^2$ ($p$ prime) and all Abelian 
groups of order $\le 15$. 

3. Let $G$ be an Abelian group with generating elements $a_1, \ldots, a_4$ and defining relations 

$$\begin{aligned} 
5a_1 + 4a_2 + a_3 + 5a_4 &= 0 \\ 
7a_1 + 6a_2 + 5a_3 + 11a_4 &= 0 \\ 
2a_1 + 2a_2 + 10a_3 + 12a_4 &= 0 \\ 
10a_1 + 8a_2 - 4a_3 + 4a_4 &= 0. 
\end{aligned}$$

Express $G$ as a direct product of cyclic groups. 

4. Let $G$ be a finite Abelian group and $u = \prod_{g \in G} g$ the product of all elements of $G$. 
Show: If $G$ has exactly one element $a$ of order 2, then $u = a$, otherwise $u = e$. 
Conclude from this the theorem of Wilson: 

$$(p-1)! \equiv -1 \pmod{p} \quad \text{for each prime } p.$$

5. Let $p$ be a prime and $G$ a finite Abelian $p$-group; that is, the order of all elements of 
$G$ is finite and a power of $p$. Show that $G$ is cyclic if $G$ has exactly one subgroup of 
order $p$. Is the statement still correct if $G$ is not Abelian? 


20 Integral and Transcendental Extensions 


20.1 The Ring of Algebraic Integers 


Recall that a complex number $\alpha$ is an algebraic number if it is algebraic over the rational 
numbers $\mathbb{Q}$. That is, $\alpha$ is a zero of a polynomial $p(x) \in \mathbb{Q}[x]$. If $\alpha \in \mathbb{C}$ is not algebraic, 
then it is a transcendental number. 

We will let $\mathcal{A}$ denote the totality of algebraic numbers within the complex num- 
bers $\mathbb{C}$, and $\mathcal{T}$ the set of transcendentals, so that $\mathbb{C} = \mathcal{A} \cup \mathcal{T}$. The set $\mathcal{A}$ is the algebraic 
closure of $\mathbb{Q}$ within $\mathbb{C}$. 

The set $\mathcal{A}$ of algebraic numbers forms a subfield of $\mathbb{C}$ (see Chapter 5), and the subset 
$\mathcal{A}' = \mathcal{A} \cap \mathbb{R}$ of real algebraic numbers forms a subfield of $\mathbb{R}$. The field $\mathcal{A}$ is an algebraic 
extension of the rationals $\mathbb{Q}$. However, the degree is infinite. 

Since each rational is algebraic, it is clear that there are algebraic numbers. Fur- 
thermore, there are irrational algebraic numbers, $\sqrt{2}$ for example, since it is a zero of 
the irreducible polynomial $x^2 - 2$ over $\mathbb{Q}$. In Chapter 5, we proved that there are un- 
countably infinitely many transcendental numbers (Theorem 5.5.3). However, it is very 
difficult to prove that any particular real or complex number is actually transcendental. 
In Theorem 5.5.4, we showed that the real number 


is transcendental. 

In this section, we examine a special type of algebraic number called an algebraic 
integer. These are the algebraic numbers that are zeros of monic integral polynomials. 
The set of all such algebraic integers forms a subring of $\mathbb{C}$. The proofs in this section can 
be found in [53]. 

After we do this, we extend the concept of an algebraic integer to a general con- 
text and define integral ring extensions. We then consider field extensions that are 
nonalgebraic—transcendental field extensions. Finally, we will prove that the familiar 
numbers $e$ and $\pi$ are transcendental. 


Definition 20.1.1. An algebraic integer is a complex number $\alpha$ that is a zero of a monic 
integral polynomial. That is, $\alpha \in \mathbb{C}$ is an algebraic integer if there exists $f(x) \in \mathbb{Z}[x]$ with 
$f(x) = x^n + b_{n-1} x^{n-1} + \cdots + b_0$, $b_i \in \mathbb{Z}$, $n \ge 1$, and $f(\alpha) = 0$. 


An algebraic integer is clearly an algebraic number. The following are clear: 


Lemma 20.1.2. If $\alpha \in \mathbb{C}$ is an algebraic integer, then all its conjugates, $\alpha_1, \ldots, \alpha_n$, over $\mathbb{Q}$ 
are also algebraic integers. 


Lemma 20.1.3. $\alpha \in \mathbb{C}$ is an algebraic integer if and only if $m_\alpha \in \mathbb{Z}[x]$. 
To prove the converse of this lemma, we need the concept of a primitive integral 
polynomial. This is a polynomial $p(x) \in \mathbb{Z}[x]$ such that the GCD of all its coefficients is 1. 
The following can be proved (see exercises or Chapter 4): 

(1) If $f(x)$ and $g(x)$ are primitive, then so is $f(x)g(x)$. 
(2) If $f(x) \in \mathbb{Z}[x]$ is monic, then it is primitive. 
(3) If $f(x) \in \mathbb{Q}[x]$, then there exists a rational number $c$ such that $f(x) = c f_1(x)$ with 
$f_1(x)$ primitive. 


Now suppose $f(x) \in \mathbb{Z}[x]$ is a monic polynomial with $f(\alpha) = 0$. Let $p(x) = m_\alpha(x)$. Then 
$p(x)$ divides $f(x)$, so $f(x) = p(x)q(x)$. 

Let $p(x) = c_1 p_1(x)$ with $p_1(x)$ primitive, and let $q(x) = c_2 q_1(x)$ with $q_1(x)$ primitive. 
Then 

$$f(x) = c\, p_1(x) q_1(x), \qquad c = c_1 c_2.$$

Since $f(x)$ is monic, it is primitive; hence $c = 1$, so $f(x) = p_1(x) q_1(x)$. 

Since $p_1(x)$ and $q_1(x)$ are integral and their product is monic, they both must be 
monic. Since $p(x) = c_1 p_1(x)$, and they are both monic, it follows that $c_1 = 1$. Hence, 
$p(x) = p_1(x)$. Therefore, $p(x) = m_\alpha(x)$ is integral. 

When we speak of algebraic integers, we will refer to the ordinary integers as ratio- 
nal integers. The next lemma shows the close ties between algebraic integers and ratio- 
nal integers. 


Lemma 20.1.4. If $\alpha$ is an algebraic integer and also rational, then it is a rational integer. 


The following ties algebraic numbers in general to corresponding algebraic integers. 
Notice that if q € Q, then there exists a rational integer n such that nq € Z. This result 
generalizes this simple idea. 


Theorem 20.1.5. If $\alpha$ is an algebraic number, then there exists a rational integer $r \ne 0$ 
such that $r\alpha$ is an algebraic integer. 


We saw that the set $\mathcal{A}$ of all algebraic numbers is a subfield of $\mathbb{C}$. In the same manner, 
the set $\mathcal{I}$ of all algebraic integers forms a subring of $\mathcal{A}$. First, an extension of the following 
result on algebraic numbers. 


Lemma 20.1.6. Suppose $\alpha_1, \ldots, \alpha_n$ form the set of conjugates over $\mathbb{Q}$ of an algebraic inte- 
ger $\alpha$. Then any integral symmetric function of $\alpha_1, \ldots, \alpha_n$ is a rational integer. 


Theorem 20.1.7. The set $\mathcal{I}$ of all algebraic integers forms a subring of $\mathcal{A}$. 


We note that $\mathcal{A}$, the field of algebraic numbers, is precisely the quotient field of the 
ring of algebraic integers. 
An algebraic number field is a finite extension of $\mathbb{Q}$ within $\mathbb{C}$. Since any finite exten- 
sion of $\mathbb{Q}$ is a simple extension, each algebraic number field has the form $K = \mathbb{Q}(\theta)$ for 
some algebraic number $\theta$. 

Let $K = \mathbb{Q}(\theta)$ be an algebraic number field, and let $R_K = K \cap \mathcal{I}$. Then $R_K$ forms a 
subring of $K$ called the algebraic integers, or integers of $K$. An analysis of the proof of 
Theorem 20.1.5 shows that each $\beta \in K$ can be written as 


with $a \in R_K$ and $r \in \mathbb{Z}$. 

These rings of algebraic integers share many properties with the rational integers. 
Whereas there may not be unique factorization into primes, there is always prime fac- 
torization. 


Theorem 20.1.8. Let $K$ be an algebraic number field and $R_K$ its ring of integers. Then each 
$\alpha \in R_K$ is either $0$, a unit, or can be factored into a product of primes. 


We stress again that the prime factorization need not be unique. However, from the 
existence of a prime factorization, we can extend Euclid’s original proof of the infinitude 
of primes (see [53]) to obtain the following: 


Corollary 20.1.9. There exist infinitely many primes in $R_K$ for any algebraic number 
ring $R_K$. 


Just as any algebraic number field is finite-dimensional over $\mathbb{Q}$, we will see that each 
$R_K$ is of finite degree over $\mathbb{Q}$. That is, if $K$ has degree $n$ over $\mathbb{Q}$, we show that there exist 
$\omega_1, \ldots, \omega_n$ in $R_K$ such that each $\alpha \in R_K$ is expressible as 

$$\alpha = m_1 \omega_1 + \cdots + m_n \omega_n,$$

where $m_1, \ldots, m_n \in \mathbb{Z}$. 


Definition 20.1.10. An integral basis for $R_K$ is a set of integers $\omega_1, \ldots, \omega_t \in R_K$ such that 
each $\alpha \in R_K$ can be expressed uniquely as 

$$\alpha = m_1 \omega_1 + \cdots + m_t \omega_t,$$

where $m_1, \ldots, m_t \in \mathbb{Z}$. 


The finite degree comes from the following result that shows there does exist an 
integral basis (see [53]): 


Theorem 20.1.11. Let $R_K$ be the ring of integers in the algebraic number field $K$ of degree 
$n$ over $\mathbb{Q}$. Then there exists at least one integral basis for $R_K$. 
20.2 Integral Ring Extensions 


We now extend the concept of an algebraic integer to general ring extensions. We first 
need the idea of an $R$-algebra, where $R$ is a commutative ring with identity $1 \ne 0$. 


Definition 20.2.1. Let $R$ be a commutative ring with an identity $1 \ne 0$. An $R$-algebra or 
algebra over $R$ is a unitary $R$-module $A$, in which there is an additional multiplication 
such that the following hold: 

(1) $A$ is a ring with respect to the addition and this multiplication. 

(2) $(rx)y = x(ry) = r(xy)$ for all $r \in R$ and $x, y \in A$. 


As examples of $R$-algebras, first consider $R = K$, where $K$ is a field, and set $A = M(n, K)$, 
the set of all $(n \times n)$-matrices over $K$. Then $M(n, K)$ is a $K$-algebra. Furthermore, the set 
of polynomials $K[x]$ is also a $K$-algebra. 

We now define ring extensions. Let $A$ be a ring, not necessarily commutative, with 
an identity $1 \ne 0$, and $R$ be a commutative subring of $A$ which contains $1$. Assume that 
$R$ is contained in the center of $A$; that is, $rx = xr$ for all $r \in R$ and $x \in A$. We then call $A$ 
a ring extension of $R$ and write $A|R$. If $A|R$ is a ring extension, then $A$ is an $R$-algebra in a 
natural manner. 

Let $A$ be an $R$-algebra with an identity $1 \ne 0$. Then we have the canonical ring homo- 
morphism $\varphi : R \to A$, $r \mapsto r \cdot 1$. The image $R' := \varphi(R)$ is a subring of the center of $A$, and 
$R'$ contains the identity element of $A$. Then $A|R'$ is a ring extension (in the above sense). 
Hence, if $A$ is an $R$-algebra with an identity $1 \ne 0$, then we may consider $R$ as a subring of 
$A$ and $A|R$ as a ring extension. 

We now will extend to the general context of ring extensions the ideas of integral 
elements and integral extensions. As above, let $R$ be a commutative ring with an identity 
$1 \ne 0$, and let $A$ be an $R$-algebra. 


Definition 20.2.2. An element $a \in A$ is said to be integral over $R$, or integrally dependent 
over $R$, if there is a monic polynomial $f(x) = x^n + a_{n-1} x^{n-1} + \cdots + a_0 \in R[x]$ of degree 
$n \ge 1$ over $R$ with $f(a) = a^n + a_{n-1} a^{n-1} + \cdots + a_0 = 0$. That is, $a$ is integral over $R$ if it is a 
zero of a monic polynomial of degree $\ge 1$ over $R$. 

An equation that an integral element satisfies is called an integral equation of $a$ over $R$. 
If $A$ has an identity $1 \ne 0$, then we may write $a^0 = 1$ and $f(a) = \sum_{i=0}^{n} a_i a^i$ with $a_n = 1$. 


Example 20.2.3. 1. Let $E|K$ be a field extension. $a \in E$ is integral over $K$ if and only if 
$a$ is algebraic over $K$. If $K$ is the quotient field of an integral domain $R$, and $a \in E$ 
is algebraic over $K$, then there exists an $\alpha \in R$ with $\alpha a$ integral over $R$, because if 
$0 = a_n a^n + \cdots + a_0$, then $0 = (a_n a)^n + \cdots + a_n^{n-1} a_0$. 

2. The elements of $\mathbb{C}$ which are integral over $\mathbb{Z}$ are precisely the algebraic integers 
over $\mathbb{Z}$, that is, the zeros of monic polynomials over $\mathbb{Z}$. 
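The construction in Example 20.2.3 (1), which is also the proof idea of Theorem 20.1.5, together with the primitive-polynomial statements (2) and (3) from Section 20.1 and Lemma 20.1.4, as an added Python example that is not from the book. Polynomials are lists of coefficients, lowest degree first; `rational_zeros` is my own effective version of Lemma 20.1.4 (a rational zero of a monic integer polynomial is an integer dividing the constant term).

```python
from fractions import Fraction
from functools import reduce
from math import gcd


def evaluate(coeffs, x):
    """Exact Horner evaluation of a_0 + a_1 x + ... + a_n x^n; coeffs[i] = a_i."""
    result = Fraction(0)
    for a in reversed(coeffs):
        result = result * x + a
    return result


def content_and_primitive(coeffs):
    """Statement (3): f = c * f_1 with c in Q, c > 0, and f_1 in Z[x] primitive
    (gcd of its coefficients is 1). Returns (c, f_1)."""
    fr = [Fraction(a) for a in coeffs]
    denom = reduce(lambda d, q: d * q.denominator // gcd(d, q.denominator), fr, 1)
    ints = [int(q * denom) for q in fr]          # clear denominators
    g = reduce(gcd, ints)
    if g == 0:
        raise ValueError("the zero polynomial has no primitive part")
    return Fraction(g, denom), [a // g for a in ints]


def is_primitive(coeffs):
    """True when all coefficients are rational integers with gcd 1 (statement (2)
    says every monic integer polynomial passes this test)."""
    return all(isinstance(a, int) for a in coeffs) and reduce(gcd, coeffs) == 1


def integral_multiple(coeffs):
    """Example 20.2.3 (1): if a_n a^n + ... + a_0 = 0 with a_i in Z, multiply by
    a_n^(n-1); then y = a_n * a satisfies the monic integer polynomial
    y^n + a_{n-1} y^{n-1} + a_{n-2} a_n y^{n-2} + ... + a_0 a_n^{n-1}.
    Returns (r, monic) with r = a_n, so r*a is an algebraic integer (Theorem 20.1.5)."""
    n = len(coeffs) - 1
    an = coeffs[n]
    if n < 1 or an == 0:
        raise ValueError("need a nonzero polynomial of degree >= 1")
    monic = [coeffs[i] * an ** (n - 1 - i) for i in range(n)] + [1]
    return an, monic


def rational_zeros(monic):
    """Lemma 20.1.4 made effective: a rational zero of a monic polynomial in Z[x]
    is a rational integer, and it divides a_0, so only divisors of a_0 are tested.
    Returns the sorted list of all rational zeros."""
    if monic[-1] != 1 or not all(isinstance(a, int) for a in monic):
        raise ValueError("expected a monic polynomial in Z[x]")
    zeros, coeffs = set(), list(monic)
    while len(coeffs) > 1 and coeffs[0] == 0:   # x divides f: 0 is a zero, strip it
        zeros.add(0)
        coeffs = coeffs[1:]
    a0 = abs(coeffs[0])
    if len(coeffs) > 1:
        for d in range(1, a0 + 1):
            if a0 % d == 0:
                zeros.update(c for c in (d, -d) if evaluate(coeffs, Fraction(c)) == 0)
    return sorted(zeros)
```

For instance, $a = 1/\sqrt{2}$ satisfies $2x^2 - 1 = 0$, and `integral_multiple([-1, 0, 2])` returns $r = 2$ with the monic polynomial $y^2 - 2$ of the algebraic integer $2a = \sqrt{2}$.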


Theorem 20.2.4. Let $R$ be as above and $A$ an $R$-algebra with an identity $1 \ne 0$. If $A$ is, as 
an $R$-module, finitely generated, then each element of $A$ is integral over $R$. 

Proof. Let $\{b_1, \ldots, b_n\}$ be a finite generating system of $A$ as an $R$-module. We may assume 
that $b_1 = 1$; otherwise add $1$ to the system. As explained in the preliminaries, without 
loss of generality, we may assume that $R \subset A$. Let $a \in A$. For each $1 \le j \le n$, we have an 
equation $a b_j = \sum_{k=1}^{n} a_{jk} b_k$ for some $a_{jk} \in R$. In other words, 

$$\sum_{k=1}^{n} (a_{jk} - \delta_{jk} a) b_k = 0 \qquad (**)$$

for $j = 1, \ldots, n$, where 

$$\delta_{jk} = \begin{cases} 0 & \text{if } j \ne k, \\ 1 & \text{if } j = k. \end{cases}$$

Define $\gamma_{jk} = a_{jk} - \delta_{jk} a$ and $C = (\gamma_{jk})_{j,k}$. $C$ is an $(n \times n)$-matrix over the commutative ring 
$R[a]$. Recall that $R[a]$ has an identity element. Let $\tilde{C} = (\tilde{\gamma}_{jk})_{j,k}$ be the complementary 
matrix of $C$ (see for instance [9]). Then $\tilde{C} C = (\det C) E_n$. From $(**)$, we get 

$$0 = \sum_{j=1}^{n} \tilde{\gamma}_{ij} \Big( \sum_{k=1}^{n} \gamma_{jk} b_k \Big) = \sum_{k=1}^{n} \Big( \sum_{j=1}^{n} \tilde{\gamma}_{ij} \gamma_{jk} \Big) b_k = \sum_{k=1}^{n} (\det C)\, \delta_{ik} b_k = (\det C)\, b_i$$

for all $1 \le i \le n$. Since $b_1 = 1$, we have necessarily that $\det C = \det(a_{jk} - \delta_{jk} a)_{j,k} = 0$ 
(recall that $\delta_{ik} = \delta_{ki}$). Hence, $a$ is a zero of the monic polynomial $f(x) = \det(\delta_{jk} x - a_{jk})$ 
in $R[x]$ of degree $n \ge 1$. Therefore, $a$ is integral over $R$. 


Definition 20.2.5. A ring extension $A|R$ is called an integral extension if each element of 
$A$ is integral over $R$. A ring extension $A|R$ is called finite if $A$, as an $R$-module, is finitely 
generated. 


Recall that finite field extensions are algebraic extensions. As an immediate conse- 
quence of Theorem 20.2.4, we get the corresponding result for ring extensions. 


Theorem 20.2.6. Each finite ring extension A|R is an integral extension. 


Theorem 20.2.7. Let $A$ be an $R$-algebra with an identity $1 \ne 0$. If $a \in A$, then the following 
are equivalent: 

(1) $a$ is integral over $R$. 

(2) The subalgebra $R[a]$ is, as an $R$-module, finitely generated. 

(3) There exists a subalgebra $A'$ of $A$ which contains $a$, and which is, as an $R$-module, 
finitely generated. 


A subalgebra of an algebra over R is a submodule, which is also a subring. 


Proof. (1) implies (2): We have $R[a] = \{g(a) : g \in R[x]\}$. Let $f(a) = 0$ be an integral 
equation of $a$ over $R$. Since $f$ is monic, by the division algorithm, for each $g \in R[x]$, there 
are $h, r \in R[x]$ with $g = h \cdot f + r$ and $r = 0$, or $r \ne 0$ and $\deg(r) < \deg(f) =: n$. Let $r \ne 0$. 
Since $g(a) = r(a)$, we get that $\{1, a, \ldots, a^{n-1}\}$ is a generating system for the $R$-module $R[a]$. 
(2) implies (3): Take $A' = R[a]$.
(3) implies (1): Use Theorem 20.2.4 for $A'$. 


For the remainder of this chapter, all rings are commutative with an identity $1 \ne 0$. 


Theorem 20.2.8. Let $A|R$ and $B|A$ be finite ring extensions. Then also $B|R$ is finite. 


Proof. From $A = Re_1 + \cdots + Re_m$ and $B = Af_1 + \cdots + Af_n$, we get $B = Re_1 f_1 + \cdots + Re_m f_n$. 


Theorem 20.2.9. Let $A|R$ be a ring extension. Then the following are equivalent: 
(1) There are finitely many elements $a_1, \ldots, a_m$ in $A$, integral over $R$, such that 

$$A = R[a_1, \ldots, a_m].$$

(2) $A|R$ is finite. 


Proof. (2) $\Rightarrow$ (1): We only need to take for $a_1, \ldots, a_m$ a generating system of $A$ as an 
$R$-module, and the result holds, because $A = Ra_1 + \cdots + Ra_m$, and each $a_i$ is integral 
over $R$ by Theorem 20.2.4. 

(1) $\Rightarrow$ (2): We use induction on $m$. If $m = 0$, then there is nothing to prove. Now let 
$m \ge 1$, and assume that (1) holds. Define $A' = R[a_1, \ldots, a_{m-1}]$. Then $A = A'[a_m]$, and $a_m$ 
is integral over $A'$. $A|A'$ is finite by Theorem 20.2.7. By the induction assumption, $A'|R$ is 
finite. Then $A|R$ is finite by Theorem 20.2.8. 


Definition 20.2.10. Let $A|R$ be a ring extension. Then the subset 

$$C = \{a \in A : a \text{ is integral over } R\} \subset A$$

is called the integral closure of $R$ in $A$. 


Theorem 20.2.11. Let $A|R$ be a ring extension. Then the integral closure $C$ of $R$ in $A$ is a 
subring of $A$ with $R \subset C$. 


Proof. $R \subset C$, because $a \in R$ is a zero of the polynomial $x - a$. Let $a, b \in C$. We consider 
the subalgebra $R[a, b]$ of the $R$-algebra $A$. $R[a, b]|R$ is finite by Theorem 20.2.9. Hence, 
by Theorem 20.2.4, all elements from $R[a, b]$ are integral over $R$; that is, $R[a, b] \subset C$. In 
particular, $a + b$, $a - b$, and $ab$ are in $C$. 


We extend to ring extensions the idea of a closure: 


Definition 20.2.12. Let $A|R$ be a ring extension. $R$ is called integrally closed in $A$ if $R$ itself 
is its integral closure in $A$; that is, $R = C$, the integral closure of $R$ in $A$. 


Theorem 20.2.13. For each ring extension $A|R$, the integral closure $C$ of $R$ in $A$ is inte- 
grally closed in $A$. 

Proof. Let $a \in A$ be integral over $C$. Then $a^n + a_{n-1} a^{n-1} + \cdots + a_0 = 0$ for some $a_i \in C$, 
$n \ge 1$. Then $a$ is also integral over the $R$-subalgebra $A' = R[a_0, \ldots, a_{n-1}]$ of $C$, and $A'|R$ 
is finite. Furthermore, $A'[a]|A'$ is finite. Hence, $A'[a]|R$ is finite. By Theorem 20.2.4, then 
$a \in A'[a]$ is already integral over $R$; that is, $a \in C$. 


Theorem 20.2.14. Let $A|R$ and $B|A$ be ring extensions. If $A|R$ and $B|A$ are integral exten- 
sions, then also $B|R$ is an integral extension (and certainly vice versa). 


Proof. Let $C$ be the integral closure of $R$ in $B$. We have $A \subset C$, since $A|R$ is integral. 
Together with $B|A$, we also have that $B|C$ is integral. By Theorem 20.2.13, we get that $C$ is 
integrally closed in $B$. Hence, $B = C$. 


We now consider integrally closed integral domains. 


Definition 20.2.15. An integral domain R is called integrally closed if R is integrally 
closed in its quotient field K. 


Theorem 20.2.16. Each unique factorization domain R is integrally closed. 


Proof. Let $\alpha \in K$ and $\alpha = \frac{a}{b}$ with $a, b \in R$, $b \ne 0$. Since $R$ is a unique factorization domain, 
we may assume that $a$ and $b$ are relatively prime. Let $\alpha$ be integral over $R$. Then we have 
over $R$ an integral equation $\alpha^n + a_{n-1} \alpha^{n-1} + \cdots + a_0 = 0$ for $\alpha$. Multiplication with $b^n$ gives 
$a^n + b a_{n-1} a^{n-1} + \cdots + b^n a_0 = 0$. Hence, $b$ is a divisor of $a^n$. Since $a$ and $b$ are relatively prime 
in $R$, we have that $b$ is a unit in $R$. Hence, $\alpha = \frac{a}{b} \in R$. 


Theorem 20.2.17. Let $R$ be an integral domain and $K$ its quotient field. Let $E|K$ be a finite 
field extension. Let $R$ be integrally closed and $a \in E$ integral over $R$. Then the minimal 
polynomial $g \in K[x]$ of $a$ over $K$ has only coefficients of $R$. 


Proof. Let $g \in K[x]$ be the minimal polynomial of $a$ over $K$ (recall that $g$ is monic by 
definition). Let $\bar{E}$ be an algebraic closure of $E$. Then $g(x) = (x - a_1) \cdots (x - a_n)$ with $a_1 = a$ 
over $\bar{E}$. There are $K$-isomorphisms $\sigma_i : K(a) \to \bar{E}$ with $\sigma_i(a) = a_i$. Hence, all $a_i$ are also 
integral over $R$. Since all coefficients of $g$ are polynomial expressions $c_i(a_1, \ldots, a_n)$ in 
the $a_i$, we get that all coefficients of $g$ are integral over $R$ (see Theorem 20.2.11). Now 
$g \in R[x]$, because $g \in K[x]$, and $R$ is integrally closed. 


Theorem 20.2.18. Let $R$ be an integrally closed integral domain and $K$ its quotient field. 
Let $f, g, h \in K[x]$ be monic polynomials over $K$ with $f = gh$. 
If $f \in R[x]$, then also $g, h \in R[x]$. 


Proof. Let $E$ be the splitting field of $f$ over $K$. Over $E$, we have $f(x) = (x - a_1) \cdots (x - a_n)$. 
Since $f$ is monic, all $a_i$ are integral over $R$ (see the proof of Theorem 20.2.17). Since 
$f = gh$, there are $I, J \subset \{1, \ldots, n\}$ with $g(x) = \prod_{i \in I} (x - a_i)$ and $h(x) = \prod_{j \in J} (x - a_j)$. As 
polynomial expressions in the $a_i$, $i \in I$, and $a_j$, $j \in J$, respectively, the coefficients of $g$ 
and $h$, respectively, are integral over $R$. On the other hand, all these coefficients are in $K$, 
and $R$ is integrally closed. Hence, $g, h \in R[x]$. 
Theorem 20.2.19. Let $E|R$ be an integral ring extension. If $E$ is a field, then also $R$ is a field. 

Proof. Let $a \in R \setminus \{0\}$. The element $\frac{1}{a} \in E$ satisfies an integral equation 

$$\frac{1}{a^n} + a_{n-1} \frac{1}{a^{n-1}} + \cdots + a_0 = 0$$

over $R$. Multiplication with $a^{n-1}$ gives 

$$\frac{1}{a} = -a_{n-1} - a_{n-2}\, a - \cdots - a_0\, a^{n-1} \in R.$$

Hence, $R$ is a field. 


20.3 Transcendental Field Extensions 


Recall that a transcendental number is an element of $\mathbb{C}$ that is not algebraic over $\mathbb{Q}$. 
More generally, if $E|K$ is a field extension, then an element $a \in E$ is transcendental over 
$K$ if it is not algebraic; that is, it is not a zero of any polynomial $f(x) \in K[x]$. Since fi- 
nite extensions are algebraic, clearly $E|K$ will contain transcendental elements only if 
$[E : K] = \infty$. However, this is not sufficient. The field $\mathcal{A}$ of algebraic numbers is algebraic 
over $\mathbb{Q}$, but infinite dimensional over $\mathbb{Q}$. We now extend the idea of a transcendental 
number to that of a transcendental extension. 

Let $K \subset E$ be fields; that is, $E|K$ is a field extension. Let $M$ be a subset of $E$. The 
algebraic cover of $M$ in $E$ is defined to be the algebraic closure $H(M)$ of $K(M)$ in $E$; that 
is, $H_{E|K}(M) = H(M) = \{a \in E : a \text{ algebraic over } K(M)\}$. 

$H(M)$ is a field with $K \subset K(M) \subset H(M) \subset E$. $a \in E$ is called algebraically dependent 
on $M$ (over $K$) if $a \in H(M)$; that is, if $a$ is algebraic over $K(M)$. 

The following are clear: 

1. $M \subset H(M)$, 
2. $M \subset M'$ implies $H(M) \subset H(M')$, and 
3. $H(H(M)) = H(M)$. 


Definition 20.3.1. (a) $M$ is said to be algebraically independent (over $K$) if $a \notin H(M \setminus \{a\})$ 
for all $a \in M$; that is, if each $a \in M$ is transcendental over $K(M \setminus \{a\})$. 
(b) $M$ is said to be algebraically dependent (over $K$) if $M$ is not algebraically independent. 


The proofs of the statements in the following lemma are straightforward: 


Lemma 20.3.2. (1) $M$ is algebraically dependent if and only if there exists an $a \in M$ 
which is algebraic over $K(M \setminus \{a\})$. 

(2) Let $a \in M$. Then $a \in H(M \setminus \{a\}) \Leftrightarrow H(M) = H(M \setminus \{a\})$. 

(3) If $a \notin M$ and $a$ is algebraic over $K(M)$, then $M \cup \{a\}$ is algebraically dependent. 

(4) $M$ is algebraically dependent if and only if there is a finite subset in $M$ which is alge- 
braically dependent. 

(5) $M$ is algebraically independent if and only if each finite subset of $M$ is algebraically 
independent. 

(6) $M$ is algebraically independent if and only if the following holds: If $a_1, \ldots, a_n$ are 
finitely many, pairwise different elements of $M$, then the canonical homomorphism 
$\varphi : K[x_1, \ldots, x_n] \to E$, $f(x_1, \ldots, x_n) \mapsto f(a_1, \ldots, a_n)$ is injective; or in other words, 
for all $f \in K[x_1, \ldots, x_n]$, we have that $f = 0$ if $f(a_1, \ldots, a_n) = 0$. That is, there is no 
nontrivial algebraic relation between the $a_1, \ldots, a_n$ over $K$. 

(7) Let $M \subset E$, $a \in E$. If $M$ is algebraically independent and $M \cup \{a\}$ algebraically depen- 
dent, then $a \in H(M)$; that is, $a$ is algebraically dependent on $M$. 

(8) Let $M \subset E$, $B \subset M$. If $B$ is maximal algebraically independent, that is, if $a \in M \setminus B$, 
then $B \cup \{a\}$ is algebraically dependent, then $M \subset H(B)$. That is, each element of $M$ is 
algebraic over $K(B)$. 


We will show that any field extension can be decomposed into a transcendental extension over an algebraic extension. We need the idea of a transcendence basis.

Definition 20.3.3. $B \subset E$ is called a transcendence basis of the field extension $E|K$ if the following two conditions are satisfied:

1. $E = H(B)$, that is, the extension $E|K(B)$ is algebraic.

2. $B$ is algebraically independent over $K$.

Theorem 20.3.4. If $B \subset E$, then the following are equivalent:

(1) $B$ is a transcendence basis of $E|K$.

(2) If $B \subset M \subset E$ with $H(M) = E$, then $B$ is a maximal algebraically independent subset of $M$.

(3) There exists a subset $M \subset E$ with $H(M) = E$ which contains $B$ as a maximal algebraically independent subset.

Proof. (1) implies (2): Let $a \in M \setminus B$. We have to show that $B \cup \{a\}$ is algebraically dependent. But this is clear, because $a \in H(B) = E$ (Lemma 20.3.2 (3)).
(2) implies (3): We just take $M = E$.
(3) implies (1): $B$ is algebraically independent by assumption, so we have to show that $H(B) = E$. Certainly, $M \subset H(B)$ by Lemma 20.3.2 (8). Hence, $E = H(M) \subset H(H(B)) = H(B) \subset E$.
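An illustration of these notions, added here as a worked example that is not part of the book's text (the field and the sets are chosen for the example). Let $E = K(x, y)$ be the rational function field in two independent indeterminates over $K$, and let $M = \{x,\ y,\ x^2 + y\} \subset E$.

(a) $M$ is algebraically dependent: for $f(X_1, X_2, X_3) = X_1^2 + X_2 - X_3 \neq 0$ we have $f(x, y, x^2 + y) = 0$, so the homomorphism of Lemma 20.3.2 (6) is not injective.

(b) $\{x,\ x^2 + y\}$ is algebraically independent: if $g \in K[X_1, X_2]$ satisfies $g(x, x^2 + y) = 0$, then $g(X_1, X_1^2 + X_2) = 0$ in $K[X_1, X_2]$; the substitution $X_1 \mapsto X_1$, $X_2 \mapsto X_1^2 + X_2$ is a $K$-automorphism of $K[X_1, X_2]$ (its inverse sends $X_2$ to $X_2 - X_1^2$), so $g = 0$.

(c) $y = (x^2 + y) - x^2 \in K(x, x^2 + y)$, hence $H(\{x, x^2 + y\}) = H(M) = E$. Thus $\{x, x^2 + y\}$ is a maximal algebraically independent subset of $M$ and, by Theorem 20.3.4 (3), a transcendence basis of $E|K$; so is $\{x, y\}$, the third element $x^2 + y$ of $M$ being rational, hence algebraic, over $K(x, y)$.

(d) A transcendence basis need not generate $E$. Take $B = \{x^2, y\}$. Then $x$ is a root of $T^2 - x^2 \in K(B)[T]$, so $E = H(B)$; and $g(x^2, y) = 0$ forces $g(X_1^2, X_2) = 0$, which forces $g = 0$ because distinct monomials $X_1^i X_2^j$ go to distinct monomials $X_1^{2i} X_2^j$. So $B$ is a transcendence basis of $E|K$ with

$$ [E : K(B)] = [K(x, y) : K(x^2, y)] = 2, $$

whereas $\{x, y\}$ is a transcendence basis with $E = K(x, y)$.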


We next show that any field extension does have a transcendence basis:

Theorem 20.3.5. Each field extension $E|K$ has a transcendence basis. More concretely, if there is a subset $M \subset E$ such that $E|K(M)$ is algebraic and if there is a subset $C \subset M$ which is algebraically independent, then there exists a transcendence basis $B$ of $E|K$ with $C \subset B \subset M$.

Proof. We have to extend $C$ to a maximal algebraically independent subset $B$ of $M$. By Theorem 20.3.4, such a $B$ is a transcendence basis of $E|K$. If $M$ is finite, then such a $B$ certainly exists. Now let $M$ be infinite. We argue analogously as for the existence of a basis of a vector space, for instance with Zorn's lemma: if a partially ordered, nonempty set $S$ is inductive, then there exist maximal elements in $S$. Here, a partially ordered, nonempty set $S$ is said to be inductive if every totally ordered subset of $S$ has an upper bound in $S$. The set $\mathcal{N}$ of all algebraically independent subsets of $M$ which contain $C$ is partially ordered with respect to "$\subset$", and $\mathcal{N} \neq \emptyset$, because $C \in \mathcal{N}$. Let $\mathcal{K} \neq \emptyset$ be an ascending chain in $\mathcal{N}$; that is, we are given an ascending chain $\emptyset \neq Y_1 \subset Y_2 \subset \cdots$ in $\mathcal{N}$. The union $U = \bigcup_{Y \in \mathcal{K}} Y$ is also algebraically independent, since each finite subset of $U$ lies in some $Y \in \mathcal{K}$ (Lemma 20.3.2 (5)); so $U$ is an upper bound of $\mathcal{K}$ in $\mathcal{N}$. Hence, by Zorn's lemma, there exists a maximal algebraically independent subset $B \subset M$ with $C \subset B$.


Theorem 20.3.6. Let $E|K$ be a field extension and $M$ a subset of $E$ for which $E|K(M)$ is algebraic. Let $C$ be an arbitrary subset of $E$ which is algebraically independent over $K$. Then there exists a subset $M' \subset M$ with $C \cap M' = \emptyset$ such that $C \cup M'$ is a transcendence basis of $E|K$.

Proof. Apply Theorem 20.3.5 to $M \cup C$ in place of $M$, and define $M' := B \setminus C$.


Theorem 20.3.7. Let $B, B'$ be two transcendence bases of the field extension $E|K$. Then there is a bijection $\varphi : B \to B'$. In other words, any two transcendence bases of $E|K$ have the same cardinal number.

Proof. (a) If $B$ is a transcendence basis of $E|K$ and $M$ is a subset of $E$ such that $E|K(M)$ is algebraic, then we may write $B = \bigcup_{a \in M} B_a$ with finite sets $B_a \subset B$, where $B_a$ is chosen such that $a$ is algebraic over $K(B_a)$. In particular, if $B$ is infinite, then the cardinal number of $B$ is not bigger than the cardinal number of $M$.

(b) Let $B$ and $B'$ be two transcendence bases of $E|K$. If $B$ and $B'$ are both infinite, then $B$ and $B'$ have the same cardinal number by (a) and the theorem of Schröder-Bernstein [10]. We now prove Theorem 20.3.7 for the case that $E|K$ has a finite transcendence basis. Let $B$ be finite with $n$ elements. Let $C$ be an arbitrary algebraically independent subset of $E$ over $K$ with $m$ elements. We show that $m \le n$. Suppose $C = \{a_1, \dots, a_m\}$ with $m \ge n$. We show, by induction, that for each integer $k$, $0 \le k \le n$, there are subsets $B = B_0 \supset B_1 \supset \cdots \supset B_n$ of $B$ such that $\{a_1, \dots, a_k\} \cup B_k$ is a transcendence basis of $E|K$ and $\{a_1, \dots, a_k\} \cap B_k = \emptyset$. For $k = 0$, we take $B_0 = B$, and the statement holds. Assume now that the statement is correct for some $k$ with $0 \le k < n$. By Theorems 20.3.4 and 20.3.5, there is a subset $B_{k+1}$ of $\{a_1, \dots, a_k\} \cup B_k$ such that $\{a_1, \dots, a_{k+1}\} \cup B_{k+1}$ is a transcendence basis of $E|K$ and $\{a_1, \dots, a_{k+1}\} \cap B_{k+1} = \emptyset$. Then necessarily $B_{k+1} \subset B_k$. Assume $B_k = B_{k+1}$. Then, on the one hand, $B_k \cup \{a_1, \dots, a_{k+1}\}$ is algebraically independent because $B_k = B_{k+1}$. On the other hand, $B_k \cup \{a_1, \dots, a_k\} \cup \{a_{k+1}\}$ is algebraically dependent, because $B_k \cup \{a_1, \dots, a_k\}$ is already a transcendence basis; this is a contradiction. Hence, $B_{k+1} \subsetneq B_k$. Now $B_k$ has at most $n - k$ elements. Therefore, $B_n = \emptyset$; that is, $\{a_1, \dots, a_n\} = \{a_1, \dots, a_n\} \cup B_n$ is a transcendence basis of $E|K$. Because $C = \{a_1, \dots, a_m\}$ is algebraically independent, we cannot have $m > n$ (by Theorem 20.3.4, the transcendence basis $\{a_1, \dots, a_n\}$ is a maximal algebraically independent subset of $E$, but $\{a_1, \dots, a_{n+1}\} \subset C$ would be a larger one). Thus, $m \le n$, and $B$ and $B'$ have the same number of elements, because $B'$ must also be finite.
Since the cardinality of any transcendence basis for a field extension $E|K$ is the same, we can define the transcendence degree.

Definition 20.3.8. The transcendence degree $\operatorname{trgd}(E|K)$ of a field extension is the cardinal number of one (and hence of each) transcendence basis of $E|K$. A field extension $E|K$ is called purely transcendental if $E|K$ has a transcendence basis $B$ with $E = K(B)$.

We note the following facts:

(1) If $E|K$ is purely transcendental and $B = \{a_1, \dots, a_n\}$ is a transcendence basis of $E|K$, then $E$ is $K$-isomorphic to the quotient field of the polynomial ring $K[x_1, \dots, x_n]$ of the independent indeterminates $x_1, \dots, x_n$.

(2) $K$ is algebraically closed in $E$ if $E|K$ is purely transcendental.

(3) By Theorem 20.3.4, the field extension $E|K$ has an intermediate field $F$, $K \subset F \subset E$, such that $F|K$ is purely transcendental and $E|F$ is algebraic. Certainly, $F$ is not uniquely determined.

For example, take $\mathbb{Q} \subset F \subset \mathbb{Q}(i, \pi)$; for $F$ we may take $F = \mathbb{Q}(\pi)$, and also $F = \mathbb{Q}(i\pi)$, for instance.

(4) $\operatorname{trgd}(\mathbb{R}|\mathbb{Q}) = \operatorname{trgd}(\mathbb{C}|\mathbb{Q}) = \operatorname{card}\,\mathbb{R}$, the cardinal number of $\mathbb{R}$. This holds because the set of the algebraic numbers (over $\mathbb{Q}$) is countable.


Theorem 20.3.9. Let $E|K$ be a field extension and $F$ an arbitrary intermediate field, that is, $K \subset F \subset E$. Let $B$ be a transcendence basis of $F|K$ and $B'$ a transcendence basis of $E|F$. Then $B \cap B' = \emptyset$, and $B \cup B'$ is a transcendence basis of $E|K$.

In particular, $\operatorname{trgd}(E|K) = \operatorname{trgd}(E|F) + \operatorname{trgd}(F|K)$.

Proof. (1) Assume $a \in B \cap B'$. As an element of $F$, $a$ is algebraic over $F$ and hence over $F(B' \setminus \{a\})$. But this gives a contradiction, because $a \in B'$ and $B'$ is algebraically independent over $F$.

(2) $F|K(B)$ is an algebraic extension, and hence also $F(B')\,|\,K(B \cup B') = K(B)(B')$ is algebraic; moreover, $E|F(B')$ is algebraic. Since the relation "algebraic extension" is transitive, we have that $E|K(B \cup B')$ is algebraic.

(3) Finally, we have to show that $B \cup B'$ is algebraically independent over $K$. By Theorems 20.3.5 and 20.3.6, there is a subset $B''$ of $B \cup B'$ with $B \cap B'' = \emptyset$ such that $B \cup B''$ is a transcendence basis of $E|K$. We have $B'' \subset B'$, and have to show that $B' \subset B''$. Assume that there is an $a \in B'$ with $a \notin B''$. Then $a$ is algebraic over $K(B \cup B'') = K(B)(B'')$, and hence algebraic over $F(B'')$. Since $B'' \subsetneq B'$ and $B'$ is algebraically independent over $F$, the element $a$ is transcendental over $F(B'')$, which gives a contradiction. Hence, $B'' = B'$.
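Two instances of Theorem 20.3.9, added as an illustration that is not part of the book's text (the fields are chosen for the example).

(a) $K \subset F = K(x^2) \subset E = K(x, y)$, with $x, y$ independent indeterminates. $B = \{x^2\}$ is a transcendence basis of $F|K$ (here $F = K(B)$). Over $F$, the element $y$ is transcendental (a relation $g(x^2, y) = 0$ with $g \in K[X_1, X_2]$ forces $g = 0$, since distinct monomials $X_1^i X_2^j$ go to distinct monomials $x^{2i} y^j$), and $E\,|\,F(y) = K(x, y)\,|\,K(x^2, y)$ is algebraic, $x$ being a root of $T^2 - x^2$; so $B' = \{y\}$ is a transcendence basis of $E|F$. As the theorem states, $B \cap B' = \emptyset$ and $B \cup B' = \{x^2, y\}$ is a transcendence basis of $E|K$:

$$ \operatorname{trgd}(E|K) = \operatorname{trgd}(E|F) + \operatorname{trgd}(F|K) = 1 + 1 = 2. $$

Note that $F|K$ is purely transcendental but $E|F$ is not algebraic; the decomposition of fact (3) above is obtained from the larger intermediate field $F' = K(x^2, y)$, for which $F'|K$ is purely transcendental and $E|F'$ is algebraic of degree $2$.

(b) $\mathbb{Q} \subset F = \mathbb{Q}(i) \subset E = \mathbb{Q}(i, \pi)$. Since $F|\mathbb{Q}$ is algebraic, $B = \emptyset$. The number $\pi$ is transcendental over $\mathbb{Q}(i)$: if it were algebraic over $\mathbb{Q}(i)$, it would be algebraic over $\mathbb{Q}$ by transitivity, contradicting Theorem 20.4.3 below. Hence $B' = \{\pi\}$ is a transcendence basis of $E|F$ (indeed $E = F(\pi)$), and

$$ \operatorname{trgd}(\mathbb{Q}(i, \pi)|\mathbb{Q}) = 1 + 0 = 1, $$

with $B \cup B' = \{\pi\}$ as a transcendence basis; $\{i\pi\}$ is another one, as noted in fact (3).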


Theorem 20.3.10 (Noether's normalization theorem). Let $K$ be a field and $A = K[a_1, \dots, a_n]$. Then there exist elements $u_1, \dots, u_m$, $0 \le m \le n$, in $A$ with the following properties:

(1) $K[u_1, \dots, u_m]$ is $K$-isomorphic to the polynomial ring $K[x_1, \dots, x_m]$ of the independent indeterminates $x_1, \dots, x_m$.

(2) The ring extension $A\,|\,K[u_1, \dots, u_m]$ is an integral extension; that is, for each $a \in A \setminus K[u_1, \dots, u_m]$ there exists a monic polynomial

$$ f(x) = x^d + c_{d-1} x^{d-1} + \cdots + c_0 \in K[u_1, \dots, u_m][x] $$

of degree $d \ge 1$ with

$$ f(a) = a^d + c_{d-1} a^{d-1} + \cdots + c_0 = 0. $$

In particular, $A\,|\,K[u_1, \dots, u_m]$ is finite.


Proof. Without loss of generality, let $a_1, \dots, a_n$ be pairwise different. We prove the theorem by induction on $n$. If $n = 1$, then there is nothing to show. Now let $n \ge 2$, and assume that the statement holds for $n - 1$. If there is no nontrivial algebraic relation $f(a_1, \dots, a_n) = 0$ over $K$ between $a_1, \dots, a_n$, then there is nothing to show. Hence, let there exist a polynomial $f \in K[x_1, \dots, x_n]$ with $f \neq 0$ and $f(a_1, \dots, a_n) = 0$. Let

$$ f = \sum_{\nu} c_{\nu}\, x_1^{\nu_1} \cdots x_n^{\nu_n}, \qquad \nu = (\nu_1, \dots, \nu_n). $$

Let $\mu_2, \mu_3, \dots, \mu_n$ be natural numbers, which we specify later. Define $b_2 = a_2 - a_1^{\mu_2}$, $b_3 = a_3 - a_1^{\mu_3}$, $\dots$, $b_n = a_n - a_1^{\mu_n}$. Then $a_i = b_i + a_1^{\mu_i}$ for $2 \le i \le n$; hence, $f(a_1, b_2 + a_1^{\mu_2}, \dots, b_n + a_1^{\mu_n}) = 0$. We write $R := K[x_1]$ and consider the polynomial ring $R[y_2, \dots, y_n]$ of the $n - 1$ independent indeterminates $y_2, \dots, y_n$ over $R$. In $R[y_2, \dots, y_n]$, we consider the polynomial $f(x_1, y_2 + x_1^{\mu_2}, \dots, y_n + x_1^{\mu_n})$. We may rewrite this polynomial as

$$ f(x_1, y_2 + x_1^{\mu_2}, \dots, y_n + x_1^{\mu_n}) = \sum_{\nu = (\nu_1, \dots, \nu_n)} c_{\nu}\, x_1^{\nu_1 + \mu_2 \nu_2 + \cdots + \mu_n \nu_n} + g(x_1, y_2, \dots, y_n) $$

with a polynomial $g(x_1, y_2, \dots, y_n)$, for which, as a polynomial in $x_1$ over $K[y_2, \dots, y_n]$, the degree in $x_1$ is smaller than the degree of $\sum_{\nu} c_{\nu} x_1^{\nu_1 + \mu_2\nu_2 + \cdots + \mu_n\nu_n}$, provided that we may choose $\mu_2, \dots, \mu_n$ in such a way that this really holds. We now specify $\mu_2, \dots, \mu_n$. We write $\mu := (1, \mu_2, \dots, \mu_n)$ and define the scalar product $\mu\nu = 1 \cdot \nu_1 + \mu_2 \nu_2 + \cdots + \mu_n \nu_n$. Choose $p \in \mathbb{N}$ with $p > \deg(f) = \max\{\nu_1 + \cdots + \nu_n : c_{\nu} \neq 0\}$. We now take $\mu = (1, p, p^2, \dots, p^{n-1})$. If $\nu = (\nu_1, \dots, \nu_n)$ with $c_{\nu} \neq 0$ and $\nu' = (\nu_1', \dots, \nu_n')$ with $c_{\nu'} \neq 0$ are different $n$-tuples, then indeed $\mu\nu \neq \mu\nu'$, because $\nu_i, \nu_i' < p$ for all $i$, $1 \le i \le n$. This follows from the uniqueness of the $p$-adic expansion of a natural number. Hence, with $N := \max\{\mu\nu : c_{\nu} \neq 0\}$, we have $f(x_1, y_2 + x_1^{\mu_2}, \dots, y_n + x_1^{\mu_n}) = c\, x_1^{N} + h(x_1, y_2, \dots, y_n)$ with $c \in K$, $c \neq 0$, and $h \in K[y_2, \dots, y_n][x_1]$ has in $x_1$ a degree $< N$. If we divide by $c$ and substitute $a_1, b_2, \dots, b_n$ for $x_1, y_2, \dots, y_n$, then we get an integral equation of $a_1$ over $K[b_2, \dots, b_n]$. Therefore, the ring extension $A = K[a_1, \dots, a_n]\,|\,K[b_2, \dots, b_n]$ is integral (see Theorem 20.2.9), since $a_i = b_i + a_1^{\mu_i}$ for $2 \le i \le n$. By induction, there exist elements $u_1, \dots, u_m$ in $K[b_2, \dots, b_n]$ with the following properties:

1. $K[u_1, \dots, u_m]$ is a polynomial ring of the $m$ independent indeterminates $u_1, \dots, u_m$, and
2. $K[b_2, \dots, b_n]\,|\,K[u_1, \dots, u_m]$ is integral.

Hence, also $A\,|\,K[u_1, \dots, u_m]$ is integral by Theorem 20.2.14.
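The construction in the proof, carried out on the smallest nontrivial case as an added worked example (not part of the book's text; the ring is chosen for the example). Let $A = K[a_1, a_2]$ with $a_1 = x$ and $a_2 = y$ in $K[x, y]/(xy - 1)$, that is, $A = K[x, x^{-1}]$ with $a_2 = x^{-1}$.

Relation: $f(x_1, x_2) = x_1 x_2 - 1$, so $f(a_1, a_2) = 0$; $\deg(f) = 2$, and $c_{\nu} \neq 0$ exactly for $\nu = (1, 1)$ and $\nu = (0, 0)$.

Choice of exponents: take $p = 3 > \deg(f)$ and $\mu = (1, p) = (1, 3)$. Then $\mu\nu = 1 + 3 = 4$ for $\nu = (1, 1)$ and $\mu\nu = 0$ for $\nu = (0, 0)$, so the values $\mu\nu$ are distinct and $N = 4$.

Substitution: $b_2 = a_2 - a_1^{3}$, so $a_2 = b_2 + a_1^3$ and

$$ f(a_1, b_2 + a_1^3) = a_1(b_2 + a_1^3) - 1 = a_1^4 + b_2\, a_1 - 1 = 0. $$

Here $c = 1$ and $h(x_1, y_2) = y_2 x_1 - 1$ has $x_1$-degree $1 < N$. Hence $a_1$ is integral over $K[b_2]$, and so is $a_2 = b_2 + a_1^3$; thus $A\,|\,K[b_2]$ is integral.

Induction ($n = 1$ for $K[b_2]$): either $b_2$ is transcendental over $K$, giving $m = 1$ and $u_1 = b_2$, or $b_2$ is algebraic over $K$, giving $m = 0$. The second case is impossible here: then $A$ would be integral over $K$, hence a finite-dimensional $K$-vector space, whereas $1, x, x^2, \dots$ are linearly independent in $K[x, x^{-1}]$. So $m = 1$ and

$$ u_1 = a_2 - a_1^3 = x^{-1} - x^3, \qquad x^4 + u_1 x - 1 = x^4 + 1 - x^4 - 1 = 0 \ \text{ in } A, $$

that is, $A$ is integral over the polynomial ring $K[u_1]$, as the theorem asserts. (The smaller exponent $\mu_2 = 2$ would also do in this case, giving $x^3 + (x^{-1} - x^2)x - 1 = 0$; the proof's choice $\mu_2 = p$ is what works in general.)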
Corollary 20.3.11. Let $E|K$ be a field extension. If $E = K[a_1, \dots, a_n]$ for $a_1, \dots, a_n \in E$, then $E|K$ is algebraic.

Proof. By Theorem 20.3.10, $E$ contains a polynomial ring $K[u_1, \dots, u_m]$, $0 \le m \le n$, of the $m$ independent indeterminates $u_1, \dots, u_m$ as a subring, for which $E\,|\,K[u_1, \dots, u_m]$ is integral. We claim that then already $K[u_1, \dots, u_m]$ is a field. To prove that, let $a \in K[u_1, \dots, u_m]$, $a \neq 0$. The element $a^{-1} \in E$ satisfies an integral equation $(a^{-1})^d + c_{d-1}(a^{-1})^{d-1} + \cdots + c_0 = 0$ over $K[u_1, \dots, u_m] =: R$. Multiplying by $a^{d-1}$ gives

$$ a^{-1} = -\left(c_{d-1} + c_{d-2}\, a + \cdots + c_0\, a^{d-1}\right) \in R. $$

Therefore, $R$ is a field, which proves the claim. Since a polynomial ring in $m \ge 1$ indeterminates is not a field, this is possible only for $m = 0$, and then $E|K$ is integral; here, that is, algebraic.


20.4 The Transcendence of e and π

Although we have shown that within $\mathbb{C}$ there are uncountably many transcendental numbers, we have only shown that one particular number is transcendental. In this section, we prove that the numbers $e$ and $\pi$ are transcendental. We start with $e$.


Theorem 20.4.1. $e$ is a transcendental number, that is, transcendental over $\mathbb{Q}$.

Proof. Let $f(x) \in \mathbb{R}[x]$ with $\deg f(x) = m \ge 1$. Let $z_1 \in \mathbb{C}$, $z_1 \neq 0$, and $\gamma : [0, 1] \to \mathbb{C}$, $\gamma(t) = t z_1$. Let

$$ I(z_1) = \int_{\gamma} e^{z_1 - z} f(z)\,dz = \int_{0}^{z_1} e^{z_1 - z} f(z)\,dz. $$

By $\int_{0}^{z_1}$ we mean the integral from $0$ to $z_1$ along $\gamma$. Recall that

$$ \int_{0}^{z_1} e^{z_1 - z} f(z)\,dz = -f(z_1) + e^{z_1} f(0) + \int_{0}^{z_1} e^{z_1 - z} f'(z)\,dz. $$

It follows then by repeated partial integration that

$$ \text{(1)}\qquad I(z_1) = e^{z_1} \sum_{j=0}^{m} f^{(j)}(0) - \sum_{j=0}^{m} f^{(j)}(z_1). $$

Let $|f|(x)$ be the polynomial we get if we replace the coefficients of $f(x)$ by their absolute values. Since $|e^{z_1 - z}| \le e^{|z_1 - z|} \le e^{|z_1|}$ for $z$ on $\gamma$, we get

$$ \text{(2)}\qquad |I(z_1)| \le |z_1|\, e^{|z_1|}\, |f|(|z_1|). $$
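The partial-integration step behind (1) and the estimate (2), written out as an added illustration that is not part of the book's proof. Integrating by parts along $\gamma$ with $u = f(z)$ and $dv = e^{z_1 - z}\,dz$, so $v = -e^{z_1 - z}$, gives

$$ \int_{0}^{z_1} e^{z_1 - z} f(z)\,dz = \Big[-e^{z_1 - z} f(z)\Big]_{0}^{z_1} + \int_{0}^{z_1} e^{z_1 - z} f'(z)\,dz = -f(z_1) + e^{z_1} f(0) + \int_{0}^{z_1} e^{z_1 - z} f'(z)\,dz, $$

which is the recalled identity. Applying it successively to $f, f', \dots, f^{(m)}$ and using $f^{(m+1)} = 0$,

$$ I(z_1) = \sum_{j=0}^{m} \big(e^{z_1} f^{(j)}(0) - f^{(j)}(z_1)\big) + \int_{0}^{z_1} e^{z_1 - z} f^{(m+1)}(z)\,dz = e^{z_1}\sum_{j=0}^{m} f^{(j)}(0) - \sum_{j=0}^{m} f^{(j)}(z_1). $$

Check with $f(x) = x$ ($m = 1$): directly, $\int_{0}^{z_1} e^{z_1 - z}\, z\,dz = \big[-z e^{z_1 - z} - e^{z_1 - z}\big]_{0}^{z_1} = e^{z_1} - z_1 - 1$, and (1) gives $e^{z_1}\big(f(0) + f'(0)\big) - \big(f(z_1) + f'(z_1)\big) = e^{z_1}(0 + 1) - (z_1 + 1)$, the same value.

For (2): the path $\gamma$ has length $|z_1|$, every $z = t z_1$ on it satisfies $|z| \le |z_1|$, and $|f(z)| \le |f|(|z|) \le |f|(|z_1|)$ because $|f|$ has nonnegative coefficients and is therefore increasing on $[0, \infty)$. The standard estimate $\big|\int_{\gamma} g(z)\,dz\big| \le \operatorname{length}(\gamma) \cdot \max_{\gamma} |g|$ then yields $|I(z_1)| \le |z_1|\, e^{|z_1|}\, |f|(|z_1|)$.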


Now assume that $e$ is an algebraic number; that is,

$$ \text{(3)}\qquad q_0 + q_1 e + \cdots + q_n e^n = 0 $$

for $n \ge 1$ and integers $q_0 \neq 0, q_1, \dots, q_n$, where the greatest common divisor of $q_0, q_1, \dots, q_n$ is equal to $1$. For a detailed proof of these facts see for instance [52]. We consider now the polynomial $f(x) = x^{p-1}(x - 1)^p \cdots (x - n)^p$ with $p$ a sufficiently large prime number, and we consider $I(z_1)$ with respect to this polynomial. Let $J = q_0 I(0) + q_1 I(1) + \cdots + q_n I(n)$.

From (1) and (3), we get that

$$ J = -\sum_{j=0}^{m} \sum_{k=0}^{n} q_k\, f^{(j)}(k), $$

where $m = (n + 1)p - 1$, since $(q_0 + q_1 e + \cdots + q_n e^n) \sum_{j=0}^{m} f^{(j)}(0) = 0$.

Now, $f^{(j)}(k) = 0$ if $j < p$ and $k > 0$, and $f^{(j)}(0) = 0$ if $j < p - 1$. Hence, $f^{(j)}(k)$ is an integer that is divisible by $p!$ for all $j, k$, except for $j = p - 1$, $k = 0$. Furthermore, $f^{(p-1)}(0) = (p - 1)!\,(-1)^{np}(n!)^p$. Hence, if $p > n$, then $f^{(p-1)}(0)$ is an integer divisible by $(p - 1)!$, but not by $p!$. It follows that $J$ is a nonzero integer that is divisible by $(p - 1)!$ if $p > |q_0|$ and $p > n$. So let $p > n$, $p > |q_0|$, so that $|J| \ge (p - 1)!$. Now, $|f|(k) \le (2n)^m$. Together with (2), we then get that $|J| \le |q_1|\, e\, |f|(1) + \cdots + |q_n|\, n\, e^n\, |f|(n) \le c^p$ for a number $c$ independent of $p$. It follows that

$$ (p - 1)! \le |J| \le c^p; $$

that is,

$$ 1 \le \frac{|J|}{(p - 1)!} \le \frac{c^p}{(p - 1)!}. $$

This gives a contradiction, since $\dfrac{c^p}{(p - 1)!} \to 0$ as $p \to \infty$.

We now move on to the transcendence of $\pi$. We first need the following lemma:

Lemma 20.4.2. Suppose $\alpha \in \mathbb{C}$ is an algebraic number and $f(x) = a_n x^n + \cdots + a_0$, $n \ge 1$, $a_n \neq 0$, and all $a_i \in \mathbb{Z}$ (that is, $f(x) \in \mathbb{Z}[x]$) with $f(\alpha) = 0$. Then $a_n \alpha$ is an algebraic integer.

Proof.

$$ a_n^{n-1} f(x) = a_n^{n} x^{n} + a_n^{n-1} a_{n-1} x^{n-1} + \cdots + a_n^{n-1} a_0 = (a_n x)^n + a_{n-1}(a_n x)^{n-1} + \cdots + a_n^{n-1} a_0 =: g(a_n x) = g(y) \in \mathbb{Z}[y], $$

where $y = a_n x$ and $g(y)$ is monic (the coefficient of $y^k$ is $a_n^{n-1-k} a_k \in \mathbb{Z}$). Then $g(a_n \alpha) = a_n^{n-1} f(\alpha) = 0$; hence, $a_n \alpha$ is an algebraic integer.


Theorem 20.4.3. $\pi$ is a transcendental number, that is, transcendental over $\mathbb{Q}$.

Proof. Assume that $\pi$ is an algebraic number. Then $\theta = i\pi$ is also algebraic. Consider the conjugates $\theta_1 = \theta, \theta_2, \dots, \theta_d$ of $\theta$. Suppose

$$ p(x) = q_0 + q_1 x + \cdots + q_d x^d \in \mathbb{Z}[x], \qquad q_d > 0, \quad \gcd(q_0, \dots, q_d) = 1, $$

is the entire minimal polynomial of $\theta$ over $\mathbb{Q}$. Then $\theta_1 = \theta, \theta_2, \dots, \theta_d$ are the zeros of this polynomial. Let $t = q_d$. Then from Lemma 20.4.2, $t\theta_i$ is an algebraic integer for all $i$. From $e^{i\pi} + 1 = 0$ and from $\theta_1 = i\pi$, we get that

$$ (1 + e^{\theta_1})(1 + e^{\theta_2}) \cdots (1 + e^{\theta_d}) = 0. $$

The product on the left side can be written as a sum of $2^d$ terms $e^{\Theta}$, where $\Theta = \epsilon_1 \theta_1 + \cdots + \epsilon_d \theta_d$, $\epsilon_i = 0$ or $1$. Let $n$ be the number of terms $\epsilon_1 \theta_1 + \cdots + \epsilon_d \theta_d$ that are nonzero. Call these $\alpha_1, \dots, \alpha_n$. We then have an equation

$$ \text{(4)}\qquad q + e^{\alpha_1} + \cdots + e^{\alpha_n} = 0 $$

with $q = 2^d - n > 0$. Recall that all $t\alpha_i$ are algebraic integers, and we consider the polynomial

$$ f(x) = t^{np}\, x^{p-1} (x - \alpha_1)^p \cdots (x - \alpha_n)^p $$

with $p$ a sufficiently large prime integer. We have $f(x) \in \mathbb{R}[x]$, since the $\alpha_i$ are algebraic numbers and the elementary symmetric polynomials in $\alpha_1, \dots, \alpha_n$ are rational numbers. Let $I(z_1)$ be defined as in the proof of Theorem 20.4.1, and now let

$$ J = I(\alpha_1) + \cdots + I(\alpha_n). $$

From (1) in the proof of Theorem 20.4.1 and (4), we get

$$ J = -q \sum_{j=0}^{m} f^{(j)}(0) - \sum_{j=0}^{m} \sum_{k=1}^{n} f^{(j)}(\alpha_k), $$

with $m = (n + 1)p - 1$.

Now, $\sum_{k=1}^{n} f^{(j)}(\alpha_k)$ is a symmetric polynomial in $t\alpha_1, \dots, t\alpha_n$ with integer coefficients, since the $t\alpha_i$ are algebraic integers. It follows from the main theorem on symmetric polynomials that $\sum_{k=1}^{n} f^{(j)}(\alpha_k)$ is an integer. Furthermore, $f^{(j)}(\alpha_k) = 0$ for $j < p$. Hence, $\sum_{j=0}^{m} \sum_{k=1}^{n} f^{(j)}(\alpha_k)$ is an integer divisible by $p!$. Now, $f^{(j)}(0)$ is an integer divisible by $p!$ if $j \neq p - 1$, and $f^{(p-1)}(0) = (p - 1)!\,(-t)^{np}(\alpha_1 \cdots \alpha_n)^p$ is an integer divisible by $(p - 1)!$, but not divisible by $p!$ if $p$ is sufficiently large. In particular, this is true if $p > |t^n(\alpha_1 \cdots \alpha_n)|$ and also $p > q$.

From (2) in the proof of Theorem 20.4.1, we get that

$$ |J| \le |\alpha_1|\, e^{|\alpha_1|}\, |f|(|\alpha_1|) + \cdots + |\alpha_n|\, e^{|\alpha_n|}\, |f|(|\alpha_n|) \le c^p $$

for some number $c$ independent of $p$.

As in the proof of Theorem 20.4.1, this gives us

$$ (p - 1)! \le |J| \le c^p; $$

that is,

$$ 1 \le \frac{|J|}{(p - 1)!} \le \frac{c^p}{(p - 1)!}. $$

This, as before, gives a contradiction, since $\dfrac{c^p}{(p - 1)!} \to 0$ as $p \to \infty$. Therefore, $\pi$ is transcendental.


20.5 Exercises

1. A polynomial $p(x) \in \mathbb{Z}[x]$ is primitive if the GCD of all its coefficients is $1$. Prove the following:
   (i) If $f(x)$ and $g(x)$ are primitive, then so is $f(x)g(x)$.
   (ii) If $f(x) \in \mathbb{Z}[x]$ is monic, then it is primitive.
   (iii) If $f(x) \in \mathbb{Q}[x]$, then there exists a rational number $c$ such that $f(x) = c f_1(x)$ with $f_1(x)$ primitive.

2. Let $d$ be a square-free integer and $K = \mathbb{Q}(\sqrt{d})$ be a quadratic field. Let $R_K$ be the subring of $K$ of the algebraic integers of $K$. Show the following:
   (i) $R_K = \{m + n\sqrt{d} : m, n \in \mathbb{Z}\}$ if $d \equiv 2 \pmod 4$ or $d \equiv 3 \pmod 4$. $\{1, \sqrt{d}\}$ is an integral basis for $R_K$.
   (ii) $R_K = \{m + n\frac{1 + \sqrt{d}}{2} : m, n \in \mathbb{Z}\}$ if $d \equiv 1 \pmod 4$. $\{1, \frac{1 + \sqrt{d}}{2}\}$ is an integral basis for $R_K$.
   (iii) If $d < 0$, then there are only finitely many units in $R_K$.
   (iv) If $d > 0$, then there are infinitely many units in $R_K$.

3. Let $K = \mathbb{Q}(\alpha)$ with $\alpha^3 + \alpha + 1 = 0$ and $R_K$ the subring of the algebraic integers in $K$. Show that:
   (i) $\{1, \alpha, \alpha^2\}$ is an integral basis for $R_K$.
   (ii) $R_K = \mathbb{Z}[\alpha]$.

4. Let $A|R$ be an integral ring extension. If $A$ is an integral domain and $R$ a field, then $A$ is also a field.

5. Let $A|R$ be an integral extension. Let $P$ be a prime ideal of $A$ and $\mathfrak{p}$ be a prime ideal of $R$ such that $P \cap R = \mathfrak{p}$. Show that:
   (i) If $\mathfrak{p}$ is maximal in $R$, then $P$ is maximal in $A$. (Hint: consider $A/P$.)
   (ii) If $P_0$ is another prime ideal of $A$ with $P_0 \cap R = \mathfrak{p}$ and $P_0 \subset P$, then $P = P_0$. (Hint: we may assume that $A$ is an integral domain and $P_0 \cap R = \{0\}$; otherwise go to $A/P_0$.)

6. Show that for a field extension $E|K$, the following are equivalent:
   (i) $[E : K(B)] < \infty$ for each transcendence basis $B$ of $E|K$.
   (ii) $\operatorname{trgd}(E|K) < \infty$ and $[E : K(B)] < \infty$ for each transcendence basis $B$ of $E|K$.
   (iii) There is a finite transcendence basis $B$ of $E|K$ with $[E : K(B)] < \infty$.
   (iv) There are finitely many $x_1, \dots, x_n \in E$ with $E = K(x_1, \dots, x_n)$.

7. Let $E|K$ be a field extension. If $E|K$ is purely transcendental, then $K$ is algebraically closed in $E$.


21 The Hilbert Basis Theorem and the Nullstellensatz

21.1 Algebraic Geometry

An extremely important application of abstract algebra, and an application central to all of mathematics, is the subject of algebraic geometry. As the name suggests, this is the branch of mathematics that uses the techniques of abstract algebra to study geometric problems. Classically, algebraic geometry involved the study of algebraic curves, which roughly are the sets of zeros of a polynomial or set of polynomials in several variables over a field. For example, in two variables a real algebraic plane curve is the set of zeros in $\mathbb{R}^2$ of a polynomial $p(x, y) \in \mathbb{R}[x, y]$. The common planar curves, such as parabolas and the other conic sections, are all plane algebraic curves. In actual practice, plane algebraic curves are usually considered over the complex numbers and are projectivized.

The algebraic theory that deals most directly with algebraic geometry is called commutative algebra. This is the study of commutative rings, ideals in commutative rings, and modules over commutative rings. A large portion of this book has dealt with commutative algebra.

Although we will not consider the geometric aspects of algebraic geometry in general, we will close the book by introducing some of the basic algebraic ideas that are crucial to the subject. These include the concept of an algebraic variety or algebraic set and its radical. We also state and prove two of the cornerstones of the theory as applied to commutative algebra: the Hilbert basis theorem and the nullstellensatz.

In this chapter, we also often consider a fixed field extension $C|K$ and the polynomial ring $K[x_1, \dots, x_n]$ of the $n$ independent indeterminates $x_1, \dots, x_n$. Again, in this chapter, we often use letters $\mathfrak{a}, \mathfrak{b}, \mathfrak{m}, \mathfrak{p}, \mathfrak{B}, \mathfrak{P}, \mathfrak{Q}, \dots$ for ideals in rings.


21.2 Algebraic Varieties and Radicals

We first define the concept of an algebraic variety:

Definition 21.2.1. If $M \subset K[x_1, \dots, x_n]$, then we define

$$ \mathcal{N}(M) = \{(a_1, \dots, a_n) \in C^n : f(a_1, \dots, a_n) = 0 \ \forall f \in M\}. $$

$a = (a_1, \dots, a_n) \in \mathcal{N}(M)$ is called a zero (Nullstelle) of $M$ in $C^n$, and $\mathcal{N}(M)$ is called the zero set of $M$ in $C^n$. If we want to mention $C$, then we write $\mathcal{N}(M) = \mathcal{N}_C(M)$. A subset $V \subset C^n$ of the form $V = \mathcal{N}(M)$ for some $M \subset K[x_1, \dots, x_n]$ is called an algebraic variety or (affine) algebraic set of $C^n$ over $K$, or just an algebraic $K$-set of $C^n$.

For any subset $N$ of $C^n$, we can reverse the procedure and consider the set of polynomials which vanish on $N$.

Definition 21.2.2. Suppose that $N \subset C^n$. Then

$$ \mathcal{I}(N) = \{f \in K[x_1, \dots, x_n] : f(a_1, \dots, a_n) = 0 \ \forall (a_1, \dots, a_n) \in N\}. $$

Instead of $f \in \mathcal{I}(N)$, we also say that $f$ vanishes on $N$ (over $K$). If we want to mention $K$, then we write $\mathcal{I}(N) = \mathcal{I}_K(N)$.

What is important is that the set $\mathcal{I}(N)$ forms an ideal. The proof is straightforward.

Theorem 21.2.3. For any subset $N \subset C^n$, the set $\mathcal{I}(N)$ is an ideal in $K[x_1, \dots, x_n]$; it is called the vanishing ideal of $N \subset C^n$ in $K[x_1, \dots, x_n]$.

The following result examines the relationship between subsets in $C^n$ and their vanishing ideals.

Theorem 21.2.4. The following properties hold:

(1) $M \subset M' \Rightarrow \mathcal{N}(M') \subset \mathcal{N}(M)$;

(2) If $\mathfrak{a} = (M)$ is the ideal in $K[x_1, \dots, x_n]$ generated by $M$, then $\mathcal{N}(M) = \mathcal{N}(\mathfrak{a})$;

(3) $N \subset N' \Rightarrow \mathcal{I}(N') \subset \mathcal{I}(N)$;

(4) $M \subset \mathcal{I}\mathcal{N}(M)$ for all $M \subset K[x_1, \dots, x_n]$;

(5) $N \subset \mathcal{N}\mathcal{I}(N)$ for all $N \subset C^n$;

(6) If $(\mathfrak{a}_i)_{i \in I}$ is a family of ideals in $K[x_1, \dots, x_n]$, then $\bigcap_{i \in I} \mathcal{N}(\mathfrak{a}_i) = \mathcal{N}\big(\sum_{i \in I} \mathfrak{a}_i\big)$. Here $\sum_{i \in I} \mathfrak{a}_i$ is the ideal in $K[x_1, \dots, x_n]$ generated by the union $\bigcup_{i \in I} \mathfrak{a}_i$;

(7) If $\mathfrak{a}, \mathfrak{b}$ are ideals in $K[x_1, \dots, x_n]$, then $\mathcal{N}(\mathfrak{a}) \cup \mathcal{N}(\mathfrak{b}) = \mathcal{N}(\mathfrak{a}\mathfrak{b}) = \mathcal{N}(\mathfrak{a} \cap \mathfrak{b})$. Here $\mathfrak{a}\mathfrak{b}$ is the ideal in $K[x_1, \dots, x_n]$ generated by all products $fg$, where $f \in \mathfrak{a}$ and $g \in \mathfrak{b}$;

(8) $\mathcal{N}(M) = \mathcal{N}\mathcal{I}\mathcal{N}(M)$ for all $M \subset K[x_1, \dots, x_n]$;

(9) $V = \mathcal{N}\mathcal{I}(V)$ for all algebraic $K$-sets $V$;

(10) $\mathcal{I}(N) = \mathcal{I}\mathcal{N}\mathcal{I}(N)$ for all $N \subset C^n$.

Proof. The proofs are straightforward. Hence, we prove only (7), (8), and (9). The rest can be left as an exercise for the reader.

Proof of (7): Since $\mathfrak{a}\mathfrak{b} \subset \mathfrak{a} \cap \mathfrak{b} \subset \mathfrak{a}, \mathfrak{b}$, we have, by (1), the inclusions

$$ \mathcal{N}(\mathfrak{a}) \cup \mathcal{N}(\mathfrak{b}) \subset \mathcal{N}(\mathfrak{a} \cap \mathfrak{b}) \subset \mathcal{N}(\mathfrak{a}\mathfrak{b}). $$

Hence, we have to show that $\mathcal{N}(\mathfrak{a}\mathfrak{b}) \subset \mathcal{N}(\mathfrak{a}) \cup \mathcal{N}(\mathfrak{b})$.

Let $a = (a_1, \dots, a_n) \in C^n$ be a zero of $\mathfrak{a}\mathfrak{b}$, but not a zero of $\mathfrak{a}$. Then there is an $f \in \mathfrak{a}$ with $f(a) \neq 0$; hence, for all $g \in \mathfrak{b}$, we get $f(a)g(a) = (fg)(a) = 0$. Thus, $g(a) = 0$. Therefore, $a \in \mathcal{N}(\mathfrak{b})$.

Proof of (8) and (9): Let $M \subset K[x_1, \dots, x_n]$. Then, on the one hand, $M \subset \mathcal{I}\mathcal{N}(M)$ by (4), and further $\mathcal{N}\mathcal{I}\mathcal{N}(M) \subset \mathcal{N}(M)$ by (1). On the other hand, $\mathcal{N}(M) \subset \mathcal{N}\mathcal{I}\mathcal{N}(M)$ by (5). Therefore, $\mathcal{N}(M) = \mathcal{N}\mathcal{I}\mathcal{N}(M)$ for all $M \subset K[x_1, \dots, x_n]$.

Now, the algebraic $K$-sets of $C^n$ are precisely the sets of the form $V = \mathcal{N}(M)$. Hence, $V = \mathcal{N}\mathcal{I}(V)$.

We make the following agreement: if $\mathfrak{a}$ is an ideal in $K[x_1, \dots, x_n]$, then we write $\mathfrak{a} \lhd K[x_1, \dots, x_n]$.

If $\mathfrak{a} \lhd K[x_1, \dots, x_n]$, then we do not have $\mathfrak{a} = \mathcal{I}\mathcal{N}(\mathfrak{a})$ in general. That is, $\mathfrak{a}$ is, in general, not equal to the vanishing ideal of its zero set in $C^n$. The reason for this is that not each ideal $\mathfrak{a}$ occurs as a vanishing ideal of some $N \subset C^n$. If $\mathfrak{a} = \mathcal{I}(N)$, then we must have that $f^m \in \mathfrak{a}$ for some $m \ge 1$ implies $f \in \mathfrak{a}$.

Hence, for instance, if $\mathfrak{a} = (x_1^2, \dots, x_n^2) \lhd K[x_1, \dots, x_n]$, then $\mathfrak{a}$ is not of the form $\mathfrak{a} = \mathcal{I}(N)$ for some $N \subset C^n$. We now define the radical of an ideal:

Definition 21.2.5. Let $R$ be a commutative ring and $\mathfrak{a} \lhd R$ an ideal in $R$. Then

$$ \sqrt{\mathfrak{a}} = \{f \in R : f^m \in \mathfrak{a} \text{ for some } m \in \mathbb{N}\} $$

is an ideal in $R$. $\sqrt{\mathfrak{a}}$ is called the radical of $\mathfrak{a}$ (in $R$). $\mathfrak{a}$ is said to be reduced if $\sqrt{\mathfrak{a}} = \mathfrak{a}$.

We note that $\sqrt{0}$ is called the nil radical of $R$; it contains exactly the nilpotent elements of $R$, that is, the elements $a \in R$ with $a^m = 0$ for some $m \in \mathbb{N}$.

Let $\mathfrak{a} \lhd R$ be an ideal in $R$ and $\pi : R \to R/\mathfrak{a}$ the canonical mapping. Then $\sqrt{\mathfrak{a}}$ is exactly the preimage of the nil radical of $R/\mathfrak{a}$.
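A few small computations with $\mathcal{N}$, $\mathcal{I}$ and the radical, added as an illustration that is not part of the book's text (the ideals and sets are chosen for the example). Take $K = C = \mathbb{C}$ unless stated otherwise.

(a) $M = \{x^2\} \subset \mathbb{C}[x]$: $\mathcal{N}(M) = \{0\}$ and $\mathcal{I}(\{0\}) = (x)$, so $\mathcal{I}\mathcal{N}(M) = (x) \supsetneq (x^2) = (M)$. The inclusion in Theorem 21.2.4 (4) is proper here, and $(x^2)$ is not reduced:

$$ \sqrt{(x^2)} = (x). $$

(b) $N = \{1, 2\} \subset \mathbb{C}$: $\mathcal{I}(N) = ((x - 1)(x - 2))$ and $\mathcal{N}\mathcal{I}(N) = \{1, 2\} = N$, as it must be for an algebraic set. For $N = \mathbb{Z} \subset \mathbb{C}$, a nonzero polynomial in one variable has only finitely many zeros, so $\mathcal{I}(\mathbb{Z}) = (0)$ and $\mathcal{N}\mathcal{I}(\mathbb{Z}) = \mathbb{C} \supsetneq \mathbb{Z}$: the inclusion in (5) is proper, and $\mathbb{Z}$ is not an algebraic set.

(c) In $\mathbb{C}[x, y]$: $\sqrt{(x^2 y)} = (xy)$. Indeed $(xy)^2 = y \cdot x^2 y \in (x^2 y)$; conversely, if $g^m \in (x^2 y)$, then the prime elements $x$ and $y$ both divide $g^m$, hence divide $g$, so $xy \mid g$. Geometrically, $\mathcal{N}((x^2 y)) = \mathcal{N}(x) \cup \mathcal{N}(y)$ is the union of the two coordinate axes, and $\mathcal{I}$ of that union is $(x) \cap (y) = (xy)$, so $\mathcal{I}\mathcal{N}((x^2 y)) = \sqrt{(x^2 y)}$, in line with the nullstellensatz of Section 21.4.

(d) Nil radical and preimage, with $R = \mathbb{Z}$ and $\mathfrak{a} = 12\mathbb{Z}$: in $\mathbb{Z}/12\mathbb{Z}$ a residue class $\bar{r}$ is nilpotent exactly when every prime divisor of $12$, that is $2$ and $3$, divides $r$; so the nil radical of $\mathbb{Z}/12\mathbb{Z}$ is $\{\bar{0}, \bar{6}\}$ (and indeed $\bar{6}^2 = \overline{36} = \bar{0}$). Its preimage under $\pi : \mathbb{Z} \to \mathbb{Z}/12\mathbb{Z}$ is $6\mathbb{Z}$, and directly

$$ \sqrt{12\mathbb{Z}} = \{r \in \mathbb{Z} : 12 \mid r^m \text{ for some } m\} = 6\mathbb{Z}. $$

In general $\sqrt{n\mathbb{Z}} = r\mathbb{Z}$, where $r$ is the product of the distinct primes dividing $n$.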


21.3 The Hilbert Basis Theorem

In this section, we show that if $K$ is a field, then each ideal $\mathfrak{a} \lhd K[x_1, \dots, x_n]$ is finitely generated. This is the content of the Hilbert basis theorem. It has an important consequence: any algebraic variety of $C^n$ is the zero set of only finitely many polynomials.

The Hilbert basis theorem follows directly from the following Theorem 21.3.2. Before we state this theorem, we need a definition.

Definition 21.3.1. Let $R$ be a commutative ring with an identity $1 \neq 0$. $R$ is said to be Noetherian if each ideal in $R$ is generated by finitely many elements; that is, each ideal in $R$ is finitely generated.

Theorem 21.3.2. Let $R$ be a Noetherian ring. Then the polynomial ring $R[x]$ over $R$ is also Noetherian.

Proof. For $0 \neq f \in R[x]$ we denote the degree of $f$ by $\deg(f)$. Let $\mathfrak{a} \lhd R[x]$ be an ideal in $R[x]$. Assume that $\mathfrak{a}$ is not finitely generated. Then, in particular, $\mathfrak{a} \neq 0$. We construct a sequence of polynomials $f_k \in \mathfrak{a}$ such that their leading coefficients $a_k$ generate an ideal in $R$ which is not finitely generated. This then produces a contradiction; hence, $\mathfrak{a}$ is in fact finitely generated. Choose $f_1 \in \mathfrak{a}$, $f_1 \neq 0$, so that $\deg(f_1) = n_1$ is minimal. If $k \ge 1$, then choose $f_{k+1} \in \mathfrak{a}$, $f_{k+1} \notin (f_1, \dots, f_k)$, so that $\deg(f_{k+1}) = n_{k+1}$ is minimal for the polynomials in $\mathfrak{a} \setminus (f_1, \dots, f_k)$. This is possible, because we assume that $\mathfrak{a}$ is not finitely generated.

We have $n_k \le n_{k+1}$ by construction. Furthermore, $(a_1, \dots, a_k) \subsetneq (a_1, \dots, a_k, a_{k+1})$.

To see this, assume that $(a_1, \dots, a_k) = (a_1, \dots, a_k, a_{k+1})$. Then $a_{k+1} \in (a_1, \dots, a_k)$. Hence, there are $b_i \in R$ with $a_{k+1} = \sum_{i=1}^{k} a_i b_i$. Let $g(x) = \sum_{i=1}^{k} b_i f_i x^{n_{k+1} - n_i}$; hence, $g \in (f_1, \dots, f_k)$, and $g = a_{k+1} x^{n_{k+1}} + \cdots$.

Therefore, $\deg(f_{k+1} - g) < n_{k+1}$ and $f_{k+1} - g \notin (f_1, \dots, f_k)$, which contradicts the choice of $f_{k+1}$. This proves the claim. Hence, $(a_1) \subsetneq (a_1, a_2) \subsetneq \cdots$ is a strictly ascending chain of ideals in $R$. Its union is an ideal in $R$, hence finitely generated because $R$ is Noetherian, so the chain would have to become stationary; this is a contradiction. Hence, $\mathfrak{a}$ is finitely generated.

We now have the Hilbert basis theorem:

Theorem 21.3.3 (Hilbert basis theorem). Let $K$ be a field. Then any ideal $\mathfrak{a} \lhd K[x_1, \dots, x_n]$ is finitely generated; that is, $\mathfrak{a} = (f_1, \dots, f_m)$ for finitely many $f_1, \dots, f_m \in K[x_1, \dots, x_n]$. (A field is Noetherian, its only ideals being $0$ and $K$; apply Theorem 21.3.2 $n$ times, since $K[x_1, \dots, x_n] = K[x_1, \dots, x_{n-1}][x_n]$.)

Corollary 21.3.4. If $C|K$ is a field extension, then each algebraic $K$-set $V$ of $C^n$ is already the zero set of only finitely many polynomials $f_1, \dots, f_m \in K[x_1, \dots, x_n]$:

$$ V = \{(a_1, \dots, a_n) \in C^n : f_i(a_1, \dots, a_n) = 0 \text{ for } i = 1, \dots, m\}. $$

Furthermore, we write $V = \mathcal{N}(f_1, \dots, f_m)$.


21.4 The Nullstellensatz

Reduced ideals are not necessarily vanishing ideals of subsets of $C^n$. For an arbitrary field $C$, the condition

$$ f^m \in \mathfrak{a},\ m \ge 1 \ \Rightarrow\ f \in \mathfrak{a} $$

is, in general, not sufficient for $\mathfrak{a} \lhd K[x_1, \dots, x_n]$ to be a vanishing ideal of a subset of $C^n$. For example, let $n \ge 2$, $K = C = \mathbb{R}$ and $\mathfrak{a} = (x_1^2 + \cdots + x_n^2) \lhd \mathbb{R}[x_1, \dots, x_n]$. $\mathfrak{a}$ is a prime ideal in $\mathbb{R}[x_1, \dots, x_n]$, because $x_1^2 + \cdots + x_n^2$ is a prime element in $\mathbb{R}[x_1, \dots, x_n]$. Hence, $\mathfrak{a}$ is reduced. But, on the other hand, $\mathcal{N}(\mathfrak{a}) = \{0\}$ and $\mathcal{I}(\{0\}) = (x_1, \dots, x_n)$. Therefore, $\mathfrak{a}$ is not of the form $\mathcal{I}(N)$ for some $N \subset C^n$: if this were the case, then $\mathfrak{a} = \mathcal{I}(N) = \mathcal{I}\mathcal{N}\mathcal{I}(N) = \mathcal{I}\mathcal{N}(\mathfrak{a}) = \mathcal{I}(\{0\}) = (x_1, \dots, x_n)$ by Theorem 21.2.4 (10), which gives a contradiction.

The nullstellensatz by Hilbert, which we give in two forms, shows that if $C$ is algebraically closed and $\mathfrak{a}$ is reduced, that is, $\mathfrak{a} = \sqrt{\mathfrak{a}}$, then $\mathcal{I}\mathcal{N}(\mathfrak{a}) = \mathfrak{a}$.

Theorem 21.4.1 (Hilbert's nullstellensatz, first form). Let $C|K$ be a field extension with $C$ algebraically closed. If $\mathfrak{a} \lhd K[x_1, \dots, x_n]$, then $\mathcal{I}\mathcal{N}(\mathfrak{a}) = \sqrt{\mathfrak{a}}$. Moreover, if $\mathfrak{a}$ is reduced, that is, $\mathfrak{a} = \sqrt{\mathfrak{a}}$, then $\mathcal{I}\mathcal{N}(\mathfrak{a}) = \mathfrak{a}$. Therefore, $\mathcal{N}$ defines a bijective map between the set of reduced ideals in $K[x_1, \dots, x_n]$ and the set of the algebraic $K$-sets in $C^n$, and $\mathcal{I}$ defines the inverse map.

The proof follows from the following:

Theorem 21.4.2 (Hilbert's nullstellensatz, second form). Let $C|K$ be a field extension with $C$ algebraically closed. Let $\mathfrak{a} \lhd K[x_1, \dots, x_n]$ with $\mathfrak{a} \neq K[x_1, \dots, x_n]$. Then there exists an $\alpha = (\alpha_1, \dots, \alpha_n) \in C^n$ with $f(\alpha) = 0$ for all $f \in \mathfrak{a}$; that is, $\mathcal{N}_C(\mathfrak{a}) \neq \emptyset$.

Proof. Since $\mathfrak{a} \neq K[x_1, \dots, x_n]$, there exists a maximal ideal $\mathfrak{m} \lhd K[x_1, \dots, x_n]$ with $\mathfrak{a} \subset \mathfrak{m}$. We consider the canonical map $\pi : K[x_1, \dots, x_n] \to K[x_1, \dots, x_n]/\mathfrak{m}$. Let $\beta_i = \pi(x_i)$ for $i = 1, \dots, n$. Then $K[x_1, \dots, x_n]/\mathfrak{m} = K[\beta_1, \dots, \beta_n] =: E$. Since $\mathfrak{m}$ is maximal, $E$ is a field. Moreover, $E|K$ is algebraic by Corollary 20.3.11. Hence, there exists a $K$-homomorphism $\sigma : K[\beta_1, \dots, \beta_n] \to C$ ($C$ is algebraically closed). Let $\alpha_i = \sigma(\beta_i)$. As a result we have $f(\alpha_1, \dots, \alpha_n) = \sigma(\pi(f)) = 0$ for all $f \in \mathfrak{m}$. Since $\mathfrak{a} \subset \mathfrak{m}$, this holds also for all $f \in \mathfrak{a}$. Hence, we get a zero $(\alpha_1, \dots, \alpha_n)$ of $\mathfrak{a}$ in $C^n$.

Proof of Theorem 21.4.1. Let $\mathfrak{a} \lhd K[x_1, \dots, x_n]$. The inclusion $\sqrt{\mathfrak{a}} \subset \mathcal{I}\mathcal{N}(\mathfrak{a})$ is clear: if $f^m \in \mathfrak{a}$, then $f^m$, and hence $f$, vanishes on $\mathcal{N}(\mathfrak{a})$. So let $f \in \mathcal{I}\mathcal{N}(\mathfrak{a})$. We have to show that $f^m \in \mathfrak{a}$ for some $m \in \mathbb{N}$. If $f = 0$, then there is nothing to show.

Now, let $f \neq 0$. We consider $K[x_1, \dots, x_n]$ as a subring of the polynomial ring $K[x_1, \dots, x_n, x_{n+1}]$ of the $n + 1$ independent indeterminates $x_1, \dots, x_n, x_{n+1}$. In $K[x_1, \dots, x_n, x_{n+1}]$, we consider the ideal $\tilde{\mathfrak{a}} = (\mathfrak{a}, 1 - x_{n+1} f) \lhd K[x_1, \dots, x_n, x_{n+1}]$ generated by $\mathfrak{a}$ and $1 - x_{n+1} f$.

Case 1: $\tilde{\mathfrak{a}} \neq K[x_1, \dots, x_n, x_{n+1}]$. Then $\tilde{\mathfrak{a}}$ has a zero $(\beta_1, \dots, \beta_n, \beta_{n+1})$ in $C^{n+1}$ by Theorem 21.4.2. Hence, for $(\beta_1, \dots, \beta_n, \beta_{n+1}) \in \mathcal{N}(\tilde{\mathfrak{a}})$, we have the equations:

(1) $g(\beta_1, \dots, \beta_n) = 0$ for all $g \in \mathfrak{a}$, and
(2) $f(\beta_1, \dots, \beta_n)\,\beta_{n+1} = 1$.

From (1), we get $(\beta_1, \dots, \beta_n) \in \mathcal{N}(\mathfrak{a})$. In particular, $f(\beta_1, \dots, \beta_n) = 0$ for our $f \in \mathcal{I}\mathcal{N}(\mathfrak{a})$. But this contradicts (2). Therefore, $\tilde{\mathfrak{a}} \neq K[x_1, \dots, x_n, x_{n+1}]$ is not possible. Thus, we have

Case 2: $\tilde{\mathfrak{a}} = K[x_1, \dots, x_n, x_{n+1}]$, that is, $1 \in \tilde{\mathfrak{a}}$. Then there exists a relation of the form

$$ \text{(3)}\qquad 1 = \sum_i h_i g_i + h\,(1 - x_{n+1} f) \quad \text{for some } g_i \in \mathfrak{a} \text{ and } h_i, h \in K[x_1, \dots, x_n, x_{n+1}]. $$

The map given by $x_i \mapsto x_i$ for $1 \le i \le n$ and $x_{n+1} \mapsto \frac{1}{f}$ defines a homomorphism $\varphi : K[x_1, \dots, x_n, x_{n+1}] \to K(x_1, \dots, x_n)$, the quotient field of $K[x_1, \dots, x_n]$. From (3), we get a relation $1 = \sum_i h_i(x_1, \dots, x_n, \frac{1}{f})\, g_i(x_1, \dots, x_n)$ in $K(x_1, \dots, x_n)$. If we multiply this with a suitable power $f^m$ of $f$, we get $f^m = \sum_i \tilde{h}_i(x_1, \dots, x_n)\, g_i(x_1, \dots, x_n)$ for some polynomials $\tilde{h}_i \in K[x_1, \dots, x_n]$. Since $g_i \in \mathfrak{a}$, we get $f^m \in \mathfrak{a}$.
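The example $\mathfrak{a} = (x_1^2 + \cdots + x_n^2)$ from the beginning of this section, revisited for $n = 2$ as an added illustration of both forms of the nullstellensatz (not part of the book's text). Write $\mathfrak{a} = (x^2 + y^2)$.

Over $K = C = \mathbb{R}$: $\mathcal{N}(\mathfrak{a}) = \{(0, 0)\}$ and $\mathcal{I}\mathcal{N}(\mathfrak{a}) = (x, y) \supsetneq \mathfrak{a} = \sqrt{\mathfrak{a}}$, so the conclusion of Theorem 21.4.1 fails; so does that of Theorem 21.4.2, since the proper ideal $(x^2 + y^2 + 1) \lhd \mathbb{R}[x, y]$ has no zero in $\mathbb{R}^2$ at all. This is exactly why $C$ must be algebraically closed.

Over $K = C = \mathbb{C}$: $x^2 + y^2 = (x + iy)(x - iy)$, so by Theorem 21.2.4 (7)

$$ \mathcal{N}(\mathfrak{a}) = \mathcal{N}(x + iy) \cup \mathcal{N}(x - iy) = \{(t, it) : t \in \mathbb{C}\} \cup \{(t, -it) : t \in \mathbb{C}\}, $$

two lines through the origin. For the first line, $\mathcal{I}(\mathcal{N}(x + iy)) = (x + iy)$: dividing $f \in \mathbb{C}[x, y]$ by the polynomial $x + iy$, which is monic in $x$, gives $f = (x + iy)\, q + r(y)$ with $r \in \mathbb{C}[y]$, and $f(t, it) = 0$ for all $t$ means $r(it) = 0$ for all $t$, so $r = 0$. Likewise for $x - iy$. Hence, using $\mathcal{I}(N_1 \cup N_2) = \mathcal{I}(N_1) \cap \mathcal{I}(N_2)$,

$$ \mathcal{I}\mathcal{N}(\mathfrak{a}) = (x + iy) \cap (x - iy) = ((x + iy)(x - iy)) = \mathfrak{a} = \sqrt{\mathfrak{a}}, $$

because $x + iy$ and $x - iy$ are non-associated prime elements of the factorial ring $\mathbb{C}[x, y]$, so $\mathfrak{a}$ is reduced. This is the statement of Theorem 21.4.1 for this $\mathfrak{a}$.

In the mixed setting $K = \mathbb{R}$, $C = \mathbb{C}$ of the theorem: $\mathcal{N}_{\mathbb{C}}(\mathfrak{a})$ is the same pair of lines, and $\mathcal{I}_{\mathbb{R}}$ of it is $(x^2 + y^2)\mathbb{C}[x, y] \cap \mathbb{R}[x, y] = (x^2 + y^2)\mathbb{R}[x, y] = \mathfrak{a}$ (if $(x^2 + y^2)\, q$ has real coefficients, then $(x^2 + y^2)(q - \bar{q}) = 0$, so $q$ has real coefficients); again $\mathcal{I}\mathcal{N}(\mathfrak{a}) = \mathfrak{a}$, whereas over $\mathbb{R}$ alone it was $(x, y)$.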


21.5 Applications and Consequences of Hilbert's Theorems

Theorem 21.5.1. Each nonempty set of algebraic $K$-sets in $C^n$ contains a minimal element. In other words, for each descending chain

$$ V_1 \supset V_2 \supset \cdots \supset V_m \supset V_{m+1} \supset \cdots \qquad (21.1) $$

of algebraic $K$-sets $V_i$ in $C^n$, there exists an integer $m$ such that $V_m = V_{m+1} = V_{m+2} = \cdots$; or equivalently, every strictly descending chain $V_1 \supsetneq V_2 \supsetneq \cdots$ of algebraic $K$-sets $V_i$ in $C^n$ is finite.

Proof. We apply the operator $\mathcal{I}$; that is, we pass to the vanishing ideals. This gives an ascending chain of ideals

$$ \mathcal{I}(V_1) \subset \mathcal{I}(V_2) \subset \cdots \subset \mathcal{I}(V_m) \subset \mathcal{I}(V_{m+1}) \subset \cdots . \qquad (21.2) $$

The union of the $\mathcal{I}(V_i)$ is an ideal in $K[x_1, \dots, x_n]$, and hence, by Theorem 21.3.3, finitely generated. Therefore, there is an $m$ with $\mathcal{I}(V_m) = \mathcal{I}(V_{m+1}) = \mathcal{I}(V_{m+2}) = \cdots$.

Now we apply the operator $\mathcal{N}$ and get the desired result, because $V_i = \mathcal{N}\mathcal{I}(V_i)$ by Theorem 21.2.4 (9).

Definition 21.5.2. An algebraic $K$-set $V \neq \emptyset$ in $C^n$ is called irreducible if it is not describable as a union $V = V_1 \cup V_2$ of two algebraic $K$-sets $V_i \neq \emptyset$ in $C^n$ with $V_i \neq V$ for $i = 1, 2$. An irreducible algebraic $K$-set in $C^n$ is also called a $K$-variety in $C^n$.

Theorem 21.5.3. An algebraic $K$-set $V \neq \emptyset$ in $C^n$ is irreducible if and only if its vanishing ideal $\mathcal{I}_K(V) = \mathcal{I}(V)$ is a prime ideal of $R = K[x_1, \dots, x_n]$ with $\mathcal{I}(V) \neq R$.

Proof. (1) Let $V$ be irreducible. Let $fg \in \mathcal{I}(V)$. Then $V = \mathcal{N}\mathcal{I}(V) \subset \mathcal{N}(fg) = \mathcal{N}(f) \cup \mathcal{N}(g)$; hence, $V = V_1 \cup V_2$ with the algebraic $K$-sets $V_1 = \mathcal{N}(f) \cap V$ and $V_2 = \mathcal{N}(g) \cap V$. Now $V$ is irreducible; hence, $V = V_1$ or $V = V_2$, say $V = V_1$. Then $V \subset \mathcal{N}(f)$. Therefore, $f \in \mathcal{I}\mathcal{N}(f) \subset \mathcal{I}(V)$. Since $V \neq \emptyset$, we have further $1 \notin \mathcal{I}(V)$; that is, $\mathcal{I}(V) \neq R$.

(2) Let $\mathcal{I}(V) \lhd R$ with $\mathcal{I}(V) \neq R$ be a prime ideal. Let $V = V_1 \cup V_2$, $V_1 \neq V$, with algebraic $K$-sets $V_i$ in $C^n$. First,

$$ \mathcal{I}(V) = \mathcal{I}(V_1 \cup V_2) = \mathcal{I}(V_1) \cap \mathcal{I}(V_2) \supset \mathcal{I}(V_1)\mathcal{I}(V_2), \qquad (*) $$

where $\mathcal{I}(V_1)\mathcal{I}(V_2)$ is the ideal generated by all products $fg$ with $f \in \mathcal{I}(V_1)$, $g \in \mathcal{I}(V_2)$. We have $\mathcal{I}(V_1) \neq \mathcal{I}(V)$, because otherwise $V_1 = \mathcal{N}\mathcal{I}(V_1) = \mathcal{N}\mathcal{I}(V) = V$, contradicting $V_1 \neq V$. Hence, there is an $f \in \mathcal{I}(V_1)$ with $f \notin \mathcal{I}(V)$. Now, $\mathcal{I}(V) \neq R$ is a prime ideal; hence, necessarily $\mathcal{I}(V_2) \subset \mathcal{I}(V)$ by $(*)$. It follows that $V \subset V_2$, so $V = V_2$. Therefore, $V$ is irreducible.

Note that the affine space $K^n$ is, as the zero set of the zero polynomial $0$, itself an algebraic $K$-set in $K^n$. If $K$ is infinite, then $\mathcal{I}(K^n) = \{0\}$. Hence, $K^n$ is irreducible by Theorem 21.5.3. Moreover, if $K$ is infinite, then $K^n$ cannot be written as a union of finitely many proper algebraic $K$-subsets. If $K$ is finite, then $K^n$ is not irreducible.

Furthermore, each algebraic $K$-set $V$ in $C^n$ is also an algebraic $C$-set in $C^n$. If $V$ is an irreducible algebraic $K$-set in $C^n$, then, in general, it is not an irreducible algebraic $C$-set in $C^n$.


Theorem 21.5.4. Let V be an algebraic K-set in C^n. Then V can be written as a finite union V = V_1 ∪ V_2 ∪ ⋯ ∪ V_r of irreducible algebraic K-sets V_i in C^n. If here V_i ⊄ V_k for all pairs (i, k) with i ≠ k, then this presentation is unique, up to the ordering of the V_i, and then the V_i are called the irreducible K-components of V.


Proof. Let 𝔞 be the set of all algebraic K-sets in C^n which cannot be presented as a finite union of irreducible algebraic K-sets in C^n.

Assume that 𝔞 ≠ ∅. By Theorem 21.4.1, there is a minimal element V in 𝔞. This V is not irreducible; otherwise we have a presentation as desired. Hence, there exists a presentation V = V_1 ∪ V_2 with algebraic K-sets V_i which are strictly smaller than V. By the minimality of V, both V_1 and V_2 have a presentation as desired; hence, V also has one, which gives a contradiction. Hence, 𝔞 = ∅.

Now suppose that V = V_1 ∪ ⋯ ∪ V_r = W_1 ∪ ⋯ ∪ W_s are two presentations of the desired form. For each V_i, we have a presentation V_i = (V_i ∩ W_1) ∪ ⋯ ∪ (V_i ∩ W_s). Each V_i ∩ W_j is an algebraic K-set (see Theorem 21.2.4). Since V_i is irreducible, we get that there is a W_j with V_i = V_i ∩ W_j, that is, V_i ⊆ W_j. Analogously, for this W_j, there is a V_k with W_j ⊆ V_k. Altogether, V_i ⊆ W_j ⊆ V_k. But V_p ⊄ V_q if p ≠ q. Hence, from V_i ⊆ W_j ⊆ V_k, we get i = k. Therefore, V_i = W_j; that means, for each V_i there is a W_j with V_i = W_j. Analogously, for each W_j, there is a V_i with W_j = V_i. This proves the theorem.


Example 21.5.5. 1. Let M = {gf} ⊆ ℝ[x, y] with g(x, y) = x² + y² − 1 and f(x, y) = x² + y² − 2. Then we have N(M) = V = V_1 ∪ V_2, where V_1 = N(g) and V_2 = N(f); V is not irreducible.

2. Let M = {f} ⊆ ℝ[x, y] with f(x, y) = xy − 1; f is irreducible in ℝ[x, y]. Therefore, the ideal (f) is a prime ideal in ℝ[x, y]. Hence, V = N(f) is irreducible.


Definition 21.5.6. Let V be an algebraic K-set in C^n. Then the residue class ring
K[V] = K[x_1,...,x_n]/I(V)
is called the (affine) coordinate ring of V.


K[V] can be identified with the ring of all those functions V → C which are given by polynomials from K[x_1,...,x_n]. As a homomorphic image of K[x_1,...,x_n], K[V] can be described in the form K[V] = K[α_1,...,α_n]; therefore, a K-algebra of the form K[α_1,...,α_n] is often called an affine K-algebra. If the algebraic K-set V in C^n is irreducible (we can call V now an (affine) K-variety in C^n), then K[V] is an integral domain with an identity, because I(V) is then a prime ideal with I(V) ≠ R by Theorem 21.4.2. The quotient field K(V) = Quot K[V] is called the field of rational functions on the K-variety V.

We note the following:

1. If C is algebraically closed, then V = C^n is a K-variety, and K(V) is the field K(x_1,...,x_n) of the rational functions in n variables over K.

2. Let the affine K-algebra A = K[α_1,...,α_n] be an integral domain with an identity 1 ≠ 0. Then A ≅ K[x_1,...,x_n]/𝔭 for some prime ideal 𝔭 ≠ K[x_1,...,x_n]. Hence, if C is algebraically closed, then A is isomorphic to the coordinate ring of the K-variety V = N(𝔭) in C^n (see Hilbert's Nullstellensatz, first form, Theorem 21.4.1).

3. If the affine K-algebra A = K[α_1,...,α_n] is an integral domain with an identity 1 ≠ 0, then we define the transcendence degree trgd(A|K) to be the transcendence degree of the field extension Quot(A)|K; that is, trgd(A|K) = trgd(Quot(A)|K), Quot(A) the quotient field of A.

In this sense, trgd(K[x_1,...,x_n]|K) = n. Since Quot(A) = K(α_1,...,α_n), we get trgd(A|K) ≤ n by Noether's normalization theorem (Theorem 20.3.10).

4. An arbitrary affine K-algebra K[α_1,...,α_n] is, as a homomorphic image of the polynomial ring K[x_1,...,x_n], noetherian (see Theorem 21.2.4 and Theorem 21.2.3).


Example 21.5.7. Let ω_1, ω_2 ∈ ℂ be two elements which are linearly independent over ℝ. An element ω = m_1ω_1 + m_2ω_2 with m_1, m_2 ∈ ℤ is called a period. The periods form an Abelian group Ω = {m_1ω_1 + m_2ω_2 : m_1, m_2 ∈ ℤ} ≅ ℤ ⊕ ℤ and give a lattice in ℂ.

[Figure: the period lattice Ω in ℂ; the points ω_1 + ω_2 and ω_2 are labelled.]

An elliptic function f (with respect to Ω) is a meromorphic function with period group Ω, that is, f(z + ω) = f(z) for all z ∈ ℂ and all ω ∈ Ω. The Weierstrass ℘-function,

$$\wp(z) = \frac{1}{z^2} + \sum_{0 \neq \omega \in \Omega} \left( \frac{1}{(z-\omega)^2} - \frac{1}{\omega^2} \right),$$

is an elliptic function.

With g_2 = 60 Σ_{0≠ω∈Ω} ω^{−4} and g_3 = 140 Σ_{0≠ω∈Ω} ω^{−6}, we get the differential equation ℘'(z)² = 4℘(z)³ − g_2℘(z) − g_3. The set of elliptic functions is a field E, and each elliptic function is a rational function in ℘ and ℘' (for details see, for instance, [44]).

The polynomial f(t) = t² − 4s³ + g_2 s + g_3 ∈ ℂ(s)[t] is irreducible over ℂ(s). For the corresponding algebraic ℂ(s)-set V, we get K(V) = ℂ(s)[t]/(t² − 4s³ + g_2 s + g_3) ≅ E with respect to t ↦ ℘', s ↦ ℘.
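As an added numerical illustration of the example above (this code is not from the book nor from [44]): the lattice sums defining ℘, ℘', g_2 and g_3 are truncated to the square |m_1|, |m_2| ≤ N for the square lattice ω_1 = 1, ω_2 = i, and the differential equation ℘'² = 4℘³ − g_2℘ − g_3 and the periodicity ℘(z + ω_1) = ℘(z) are checked at a sample point. The lattice, the truncation radius N and the sample point are constructed choices of this example; because the truncation window is symmetric, the odd-order tail terms cancel and the error is of order 1/N².

```python
# Added example (not from the book): numerical check of the Weierstrass
# ℘-function and its differential equation
#     ℘'(z)^2 = 4 ℘(z)^3 - g2 ℘(z) - g3
# for the square lattice Ω = Z·1 + Z·i.  All lattice sums are truncated to the
# square |m1|, |m2| <= N (constructed choice); the symmetric truncation makes
# the odd-order tail terms cancel, so the truncation error is O(1/N^2).

OMEGA1, OMEGA2 = 1.0, 1j   # constructed lattice basis (square lattice)
N = 100                    # truncation radius for the lattice sums


def lattice_points(n=N, include_zero=False):
    """All periods m1*ω1 + m2*ω2 with |m1|, |m2| <= n (symmetric truncation)."""
    for m1 in range(-n, n + 1):
        for m2 in range(-n, n + 1):
            if not include_zero and m1 == 0 and m2 == 0:
                continue
            yield m1 * OMEGA1 + m2 * OMEGA2


def wp(z):
    """Truncated ℘(z) = 1/z^2 + Σ_{ω≠0} (1/(z-ω)^2 - 1/ω^2)."""
    return 1 / z**2 + sum(1 / (z - w)**2 - 1 / w**2 for w in lattice_points())


def wp_prime(z):
    """℘'(z) = -2 Σ_{ω∈Ω} 1/(z-ω)^3, the ω = 0 term included."""
    return -2 * sum(1 / (z - w)**3 for w in lattice_points(include_zero=True))


def invariants():
    """g2 = 60 Σ ω^-4 and g3 = 140 Σ ω^-6, both over ω ≠ 0."""
    g2 = 60 * sum(w**-4 for w in lattice_points())
    g3 = 140 * sum(w**-6 for w in lattice_points())
    return g2, g3


def ode_residual(z):
    """Relative size of ℘'^2 - (4℘^3 - g2 ℘ - g3) at z; small if the ODE holds."""
    g2, g3 = invariants()
    p, dp = wp(z), wp_prime(z)
    lhs = dp**2
    rhs = 4 * p**3 - g2 * p - g3
    return abs(lhs - rhs) / max(abs(lhs), 1.0)


def periodicity_defect(z):
    """|℘(z+ω1) - ℘(z)| / |℘(z)|: the truncated sum is periodic only up to O(1/N^2)."""
    return abs(wp(z + OMEGA1) - wp(z)) / abs(wp(z))


if __name__ == "__main__":
    z0 = 0.3 + 0.2j            # constructed sample point (not a lattice point)
    print("g2, g3 =", invariants())
    print("ODE residual:", ode_residual(z0))
    print("periodicity defect:", periodicity_defect(z0))
```

For the square lattice, g_3 vanishes by the symmetry ω ↦ iω, and g_2 comes out near 189.07; the residual of the differential equation is of the order 10⁻⁴ at the sample point, which is the expected truncation error, not a failure of the identity.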


21.6 Dimensions 


From now on we assume that C is algebraically closed.


Definition 21.6.1. (1) The dimension dim(V) of an algebraic K-set V in C^n is the supremum of all integers m for which there exists a strictly descending chain V_0 ⊋ V_1 ⊋ ⋯ ⊋ V_m of K-varieties V_i in C^n with V_i ⊆ V for all i.

(2) Let A be a commutative ring with an identity 1 ≠ 0. The height h(𝔭) of a prime ideal 𝔭 ≠ A of A is the supremum of all integers m for which there exists a strictly ascending chain 𝔭_0 ⊊ 𝔭_1 ⊊ ⋯ ⊊ 𝔭_m = 𝔭 of prime ideals 𝔭_i of A with 𝔭_i ≠ A. The dimension (Krull dimension) dim(A) of A is the supremum of the heights of all prime ideals ≠ A in A.


Theorem 21.6.2. Let V be an algebraic K-set in C^n. Then dim(V) = dim(K[V]).


Proof. By Theorem 21.2.4 and Theorem 21.4.2, we have a bijective map between the K-varieties W with W ⊆ V and the prime ideals ≠ R of R = K[x_1,...,x_n] which contain I(V) (the bijective map reverses the inclusion). But these prime ideals correspond exactly to the prime ideals ≠ K[V] of K[V] = K[x_1,...,x_n]/I(V), which gives the statement.


Suppose that V is an algebraic K-set in C^n, and let V_1,...,V_r be the irreducible components of V. Then dim(V) = max{dim(V_1),...,dim(V_r)}, because if V' is a K-variety with V' ⊆ V, then V' = (V' ∩ V_1) ∪ ⋯ ∪ (V' ∩ V_r), and hence V' ⊆ V_i for some i, since V' is irreducible. Hence, we may restrict ourselves to K-varieties V.

Consider the special case of the K-variety V = C¹ = C (recall that C is algebraically closed and, hence, in particular, infinite). Then K[V] = K[x], the polynomial ring in one indeterminate x. Now, K[x] is a principal ideal domain, and hence each prime ideal ≠ K[x] is either a maximal ideal or the zero ideal {0} of K[x]. The only K-varieties in V = C are therefore V itself and the zero sets of irreducible polynomials in K[x]. Hence, if V = C, then dim(V) = dim K[V] = 1 = trgd(K[V]|K).


Theorem 21.6.3. Let A = K[α_1,...,α_n] be an affine K-algebra, and let A also be an integral domain. Let {0} = 𝔭_0 ⊊ 𝔭_1 ⊊ ⋯ ⊊ 𝔭_m be a maximal strictly ascending chain of prime ideals in A (such a chain exists since A is noetherian). Then m = trgd(A|K) = dim(A). In other words:

All maximal ideals of A have the same height, and this height is equal to the transcendence degree of A over K.


Corollary 21.6.4. Let V be a K-variety in C^n. Then dim(V) = trgd(K[V]|K).

We prove Theorem 21.6.3 in several steps.


Lemma 21.6.5. Let R be a unique factorization domain. Then each prime ideal 𝔭 with height h(𝔭) = 1 is a principal ideal.


Proof. 𝔭 ≠ {0}, since h(𝔭) = 1. Hence, there is an f ∈ 𝔭, f ≠ 0. Since R is a unique factorization domain, f has a decomposition f = p_1 ⋯ p_r with prime elements p_i ∈ R. Now, 𝔭 is a prime ideal; hence, some p_i ∈ 𝔭, because f ∈ 𝔭, say p_1 ∈ 𝔭. Then we have the chain {0} ⊊ (p_1) ⊆ 𝔭, and (p_1) is a prime ideal of R. Since h(𝔭) = 1, we get (p_1) = 𝔭.


Lemma 21.6.6. Let R = K[y_1,...,y_r] be the polynomial ring of the r independent indeterminates y_1,...,y_r over the field K (recall that R is a unique factorization domain). If 𝔭 is a prime ideal in R with height h(𝔭) = 1, then the residue class ring R̄ = R/𝔭 has transcendence degree r − 1 over K.


Proof. By Lemma 21.6.5, we have that 𝔭 = (p) for some nonconstant polynomial p ∈ K[y_1,...,y_r]. Let the indeterminate y = y_r occur in p, that is, deg_y(p) ≥ 1, the degree in y. If f is a multiple of p, then also deg_y(f) ≥ 1. Hence, 𝔭 ∩ K[y_1,...,y_{r−1}] = {0}. Therefore, the residue class mapping R → R̄ = K[ȳ_1,...,ȳ_r] induces an isomorphism K[y_1,...,y_{r−1}] ≅ K[ȳ_1,...,ȳ_{r−1}] of the subring K[y_1,...,y_{r−1}]; that is, ȳ_1,...,ȳ_{r−1} are algebraically independent over K. On the other hand, p(ȳ_1,...,ȳ_{r−1},ȳ_r) = 0 is a nontrivial algebraic relation for ȳ_r over K(ȳ_1,...,ȳ_{r−1}).

Hence, altogether trgd(R̄|K) = trgd(K(ȳ_1,...,ȳ_r)|K) = r − 1 by Theorem 20.3.9.


Before we describe the last technical lemma, we need some preparatory theoretical material.

Let R, A be integral domains (with identity 1 ≠ 0), and let A|R be a ring extension. We first consider only R.

(1) A subset S ⊆ R \ {0} is called a multiplicative subset of R if 1 ∈ S for the identity 1 of R, and if s, t ∈ S, then also st ∈ S. The rule (x, s) ∼ (y, t) ⇔ xt − ys = 0 defines an equivalence relation on M = R × S. Let x/s be the equivalence class of (x, s) and S^{−1}R the set of all equivalence classes. We call x/s a fraction. If we add and multiply fractions as usual, we get that S^{−1}R becomes an integral domain; it is called the ring of fractions of R with respect to S. If, in particular, S = R \ {0}, then S^{−1}R = Quot(R), the quotient field of R.

Now, back to the general situation. The map i : R → S^{−1}R, i(r) = r/1, defines an embedding of R into S^{−1}R. Hence, we may consider R as a subring of S^{−1}R. For each s ∈ S ⊆ R \ {0}, we have that i(s) is a unit in S^{−1}R. That is, i(s) is invertible, and each element of S^{−1}R has the form i(s)^{−1} i(r) with r ∈ R, s ∈ S. Therefore, S^{−1}R is uniquely determined up to isomorphism, and we have the following universal property:

If φ : R → R' is a ring homomorphism (of integral domains) with φ(s) invertible for each s ∈ S, then there exists exactly one ring homomorphism λ : S^{−1}R → R' with λ ∘ i = φ. If 𝔞 ⊲ R is an ideal in R, then we write S^{−1}𝔞 for the ideal in S^{−1}R generated by i(𝔞). S^{−1}𝔞 is the set of all elements of the form a/s with a ∈ 𝔞 and s ∈ S. Furthermore, S^{−1}𝔞 = (1) ⇔ 𝔞 ∩ S ≠ ∅.

Vice versa, if 𝔄 ⊲ S^{−1}R is an ideal in S^{−1}R, then we also denote the ideal i^{−1}(𝔄) ⊲ R by 𝔄 ∩ R. An ideal 𝔞 ⊲ R is of the form 𝔞 = i^{−1}(𝔄) if and only if there is no s ∈ S such that its image in R/𝔞 under the canonical map R → R/𝔞 is a proper zero divisor in R/𝔞. Under the mappings 𝔅 ↦ 𝔅 ∩ R and 𝔭 ↦ S^{−1}𝔭, the prime ideals in S^{−1}R correspond exactly to the prime ideals in R which do not contain an element of S.

We now identify R with i(R):

(2) Now, let 𝔭 ⊲ R be a prime ideal in R. Then S = R \ 𝔭 is multiplicative. In this case, we write R_𝔭 instead of S^{−1}R, and call R_𝔭 the quotient ring of R with respect to 𝔭, or the localization of R at 𝔭. Put 𝔪 = 𝔭R_𝔭 = S^{−1}𝔭. Then 1 ∉ 𝔪. Each element of R_𝔭 \ 𝔪 is a unit in R_𝔭, and vice versa. In other words, each ideal 𝔞 ≠ (1) in R_𝔭 is contained in 𝔪, or equivalently, 𝔪 is the only maximal ideal in R_𝔭. A commutative ring with an identity 1 ≠ 0 which has exactly one maximal ideal is called a local ring. Hence, R_𝔭 is a local ring. From part (1), we additionally get that the prime ideals of the local ring R_𝔭 correspond bijectively to the prime ideals of R which are contained in 𝔭.
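As an added example of parts (1) and (2) (this code is not from the book): the localization ℤ_(p) of R = ℤ at the prime ideal 𝔭 = (p), with S = ℤ \ (p), the equivalence relation (x, s) ∼ (y, t) ⇔ xt − ys = 0 on ℤ × S, and the maximal ideal 𝔪 = pℤ_(p). The choice p = 5 and the sample elements are constructed for this example; the checks verify on them that ℤ_(p) \ 𝔪 is exactly the unit group and that 𝔪 is an ideal.

```python
# Added example (not from the book): the localization Z_(P) of the integers at
# the prime ideal (P), built as in the preparations above.  S = Z \ (P) is
# multiplicative; a fraction x/s with s in S is the class of (x, s) under
# (x, s) ~ (y, t)  <=>  x*t - y*s = 0; and m = P·Z_(P) is the unique maximal
# ideal.  P = 5 is a constructed choice; any prime works the same way.
from fractions import Fraction

P = 5  # the prime we localize at (assumption of this example)


def in_multiplicative_set(s):
    """s lies in S = Z \\ (P): nonzero and not divisible by P."""
    return s != 0 and s % P != 0


def equivalent(x, s, y, t):
    """(x, s) ~ (y, t) <=> x*t - y*s = 0, the relation that defines S^{-1}R."""
    assert in_multiplicative_set(s) and in_multiplicative_set(t)
    return x * t - y * s == 0


def localize(x, s):
    """The fraction x/s in Z_(P); Fraction chooses the reduced representative
    of the equivalence class, so equal fractions compare equal."""
    if not in_multiplicative_set(s):
        raise ValueError(f"{s} is not in S = Z \\ ({P})")
    return Fraction(x, s)


def in_localization(q):
    """A rational q lies in Z_(P) iff its reduced denominator lies in S."""
    return in_multiplicative_set(q.denominator)


def in_maximal_ideal(q):
    """q in m = P·Z_(P) = S^{-1}(P)  <=>  P divides the reduced numerator."""
    return in_localization(q) and q.numerator % P == 0


def is_unit(q):
    """q is a unit of Z_(P) iff 1/q lies in Z_(P) again (iff q is not in m)."""
    return in_localization(q) and q != 0 and in_localization(1 / q)


def check_local_ring(samples):
    """On the sample elements: units are exactly the elements outside m, and m is
    closed under addition and under multiplication by arbitrary elements."""
    for q in samples:
        if is_unit(q) == in_maximal_ideal(q):
            return False
    for a in samples:
        for b in samples:
            if in_maximal_ideal(a) and in_maximal_ideal(b) and not in_maximal_ideal(a + b):
                return False
            if in_maximal_ideal(a) and not in_maximal_ideal(a * b):
                return False
    return True


# Constructed sample elements x/s of Z_(5): numerators -12..12, denominators in S.
SAMPLES = [localize(x, s) for x in range(-12, 13) for s in (1, 2, 3, 7, 11)]

if __name__ == "__main__":
    print(equivalent(2, 3, 4, 6), equivalent(2, 3, 4, 7))   # True False
    print(is_unit(localize(2, 3)), is_unit(localize(5, 3)))  # True False
    print(check_local_ring(SAMPLES))                         # True
```

The prime ideals of ℤ_(5) are, by part (1), those of ℤ contained in (5), that is, {0} and (5) itself; the membership test `in_maximal_ideal` is exactly the description of S^{−1}𝔭 as the fractions a/s with a ∈ 𝔭.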

(3) Now we consider our ring extension A|R as above. Let 𝔮 be a prime ideal in R.

Claim: If 𝔮A ∩ R = 𝔮, then there exists a prime ideal 𝔔 ⊲ A with 𝔔 ∩ R = 𝔮 (and vice versa).

Proof of the claim: If S = R \ 𝔮, then 𝔮A ∩ S = ∅. Hence, 𝔮S^{−1}A is a proper ideal in S^{−1}A, and hence contained in a maximal ideal 𝔪 in S^{−1}A. Here, 𝔮S^{−1}A is the ideal in S^{−1}A which is generated by 𝔮. Define 𝔔 = 𝔪 ∩ A; 𝔔 is a prime ideal in A, and 𝔔 ∩ R = 𝔮 by part (1), because 𝔔 ∩ S = ∅, where S = R \ 𝔮.

(4) Now let A|R be an integral extension (A, R integral domains as above). Assume that R is integrally closed in its quotient field K. Let 𝔓 ⊲ A be a prime ideal in A and 𝔭 = 𝔓 ∩ R.

Claim: If 𝔮 ⊲ R is a prime ideal in R with 𝔮 ⊆ 𝔭, then 𝔮A_𝔓 ∩ R = 𝔮.

Proof of the claim: An arbitrary β ∈ 𝔮A_𝔓 has the form β = a/s with a ∈ 𝔮A, 𝔮A the ideal in A generated by 𝔮, and s ∈ S = A \ 𝔓. An integral equation for a ∈ 𝔮A over K is given in the form a^n + a_{n−1}a^{n−1} + ⋯ + a_0 = 0 with a_i ∈ 𝔮. This can be seen as follows: we have certainly a form a = b_1α_1 + ⋯ + b_pα_p with b_i ∈ 𝔮 and α_i ∈ A. The subring A' = R[α_1,...,α_p] is, as an R-module, finitely generated, and aA' ⊆ 𝔮A'. Now, a_i ∈ 𝔮 follows with the same type of arguments as in the proof of Theorem 20.2.4.


Now, in addition, let β ∈ R. Then, for s = a/β we have an equation


over K. But s is integral over R; hence, all its coefficients lie in R.


We are now prepared to prove the last preliminary lemma, which we need for the 
proof of Theorem 21.6.3. 


Lemma 21.6.7 (Krull's going up lemma). Let A|R be an integral ring extension of integral domains, and let R be integrally closed in its quotient field. Let 𝔭 and 𝔮 be prime ideals in R with 𝔮 ⊆ 𝔭. Furthermore, let 𝔓 be a prime ideal in A with 𝔓 ∩ R = 𝔭. Then there exists a prime ideal 𝔔 in A with 𝔔 ∩ R = 𝔮 and 𝔔 ⊆ 𝔓.


Proof. It is enough to show that there exists a prime ideal 𝔔 in A_𝔓 with 𝔔 ∩ R = 𝔮. This can be seen from the preceding preparations. By parts (1) and (2), such a 𝔔 has the form 𝔔 = 𝔔'A_𝔓 with a prime ideal 𝔔' in A with 𝔔' ⊆ 𝔓, and 𝔔 ∩ A = 𝔔'. It follows that 𝔮 = 𝔔' ∩ R ⊆ 𝔓 ∩ R = 𝔭. And the existence of such a 𝔔 follows from parts (3) and (4).


Proof of Theorem 21.6.3. Let first m = 0. Then {0} is a maximal ideal in A, and hence A = K[α_1,...,α_n] is a field. By Corollary 20.3.11, A|K is then algebraic; therefore, trgd(A|K) = 0. So Theorem 21.6.3 holds for m = 0.

Now, let m ≥ 1. We use Noether's normalization theorem. A has a polynomial ring R = K[y_1,...,y_r] of the r independent indeterminates y_1,...,y_r as a subring, and A|R is an integral extension. As a polynomial ring over K, the ring R is a unique factorization domain, and hence certainly integrally closed (in its quotient field).
Now, let

$$\{0\} = \mathfrak{P}_0 \subsetneq \mathfrak{P}_1 \subsetneq \cdots \subsetneq \mathfrak{P}_m \tag{21.3}$$

be a maximal strictly ascending chain of prime ideals in A. If we intersect with R, we get a chain

$$\{0\} = \mathfrak{p}_0 \subseteq \mathfrak{p}_1 \subseteq \cdots \subseteq \mathfrak{p}_m \tag{21.4}$$

of prime ideals 𝔭_i = 𝔓_i ∩ R of R. Since A|R is integral, the chain (21.4) is also a strictly ascending chain. This follows from Krull's going up lemma (Lemma 21.6.7), because if 𝔭_i = 𝔭_j, then 𝔓_i = 𝔓_j. If 𝔓_m is a maximal ideal in A, then also 𝔭_m is a maximal ideal in R, because A|R is integral (consider A/𝔓_m, and use Theorem 20.2.19). If the chain (21.3) is maximal and strictly ascending, then so is the chain (21.4).

Now, let the chain (21.3) be maximal and strictly ascending. If we pass to the residue class rings Ā = A/𝔓_1 and R̄ = R/𝔭_1, then we get the chains of prime ideals

$$\{0\} = \bar{\mathfrak{P}}_1 \subsetneq \bar{\mathfrak{P}}_2 \subsetneq \cdots \subsetneq \bar{\mathfrak{P}}_m \quad\text{and}\quad \{0\} = \bar{\mathfrak{p}}_1 \subsetneq \bar{\mathfrak{p}}_2 \subsetneq \cdots \subsetneq \bar{\mathfrak{p}}_m$$

for the affine K-algebras Ā and R̄, respectively, but with length one less. By induction, we may assume that already trgd(Ā|K) = m − 1 = trgd(R̄|K). On the other hand, by construction, we have trgd(A|K) = trgd(R|K) = r. Finally, to prove Theorem 21.6.3, we have to show that r = m. If we compare both equations, then r = m follows if trgd(R̄|K) = r − 1. But this holds by Lemma 21.6.6, because 𝔭_1 has height 1 in R.


Theorem 21.6.8. Let V be a K-variety in C^n. Then dim(V) = n − 1 if and only if V = N(f) for some irreducible polynomial f ∈ K[x_1,...,x_n].


Proof. (1) Let V be a K-variety in C^n with dim(V) = n − 1. The corresponding ideal (in the sense of Theorem 21.2.4) is by Theorem 21.4.2 a prime ideal 𝔭 in K[x_1,...,x_n]. By Theorem 21.6.3 and Corollary 21.6.4, we get h(𝔭) = 1 for the height of 𝔭, because dim(V) = n − 1 (see also Theorem 21.6.2). Since K[x_1,...,x_n] is a unique factorization domain, we get that 𝔭 = (f) is a principal ideal by Lemma 21.6.5.

(2) Now let f ∈ K[x_1,...,x_n] be irreducible. We have to show that V = N(f) has dimension n − 1. For that, by Theorem 21.6.3, we have to show that the prime ideal 𝔭 = (f) has the height h(𝔭) = 1. Assume that this is not the case. Then there exists a prime ideal 𝔮 ≠ 𝔭 with {0} ≠ 𝔮 ⊊ 𝔭. Choose g ∈ 𝔮, g ≠ 0. Let g = u·f^k·π_1^{k_1} ⋯ π_r^{k_r} be its prime factorization in K[x_1,...,x_n], with u a unit and the π_i prime elements not associated with f. Now g ∈ 𝔮 and f ∉ 𝔮, because 𝔮 ≠ 𝔭. Hence, there is a π_i in 𝔮 ⊊ 𝔭 = (f), which is impossible. Therefore h(𝔭) = 1.
21.7 Exercises


1. Let A = K[α_1,...,α_n] and C|K be a field extension with C algebraically closed. Show that there is a K-algebra homomorphism K[α_1,...,α_n] → C.

2. Let K[x_1,...,x_n] be the polynomial ring of the n independent indeterminates x_1,...,x_n over the algebraically closed field K. The maximal ideals of K[x_1,...,x_n] are exactly the ideals of the form 𝔪(a) = (x_1 − a_1, x_2 − a_2, ..., x_n − a_n) with a = (a_1,...,a_n) ∈ K^n.

3. The nil radical √0 of A = K[α_1,...,α_n] coincides with the Jacobson radical of A, that is, the intersection of all maximal ideals of A.

4. Let R be a commutative ring with 1 ≠ 0. If each prime ideal of R is finitely generated, then R is noetherian.

5. Prove the theoretical preparations for Krull's going up lemma in detail.

6. Let K[x_1,...,x_n] be the polynomial ring of the n independent indeterminates x_1,...,x_n. For each ideal 𝔞 of K[x_1,...,x_n], there exists a natural number m with the following property: if f ∈ K[x_1,...,x_n] vanishes on the zero set of 𝔞, then f^m ∈ 𝔞.

7. Let K be a field with char K ≠ 2 and a, b ∈ K*. We consider the polynomial

$$f(x, y) = ax^2 + by^2 - 1 \in K[x, y],$$

K[x, y] the polynomial ring of the independent indeterminates x and y. Let C be the algebraic closure of K(x) and β ∈ C with f(x, β) = 0. Show the following:

(i) f is irreducible over the algebraic closure C_0 of K (in C).

(ii) trgd(K(x, β)|K) = 1, [K(x, β) : K(x)] = 2, and K is algebraically closed in K(x, β).


22 Algebras and Group Representations 


22.1 Group Representations 


In Chapter 13, we spoke about group actions. These are homomorphisms from a group G into a set of permutations on a set S. The way a group G acts on a set S can often be used to study the structure of the group G, and, in Chapter 13, we used group actions to prove the important Sylow theorems.

In this chapter, we discuss a very important type of group action called a group 
representation or linear representation. This is a homomorphism of a group G into the 
set of linear transformations of a vector space V over a field K. It is a finite-dimensional 
representation if V is a finite dimensional vector space over K, and infinite-dimensional 
otherwise. For an n-dimensional representation, each element of the group G can be 
represented by an (n × n)-matrix over K, and the group operation can be represented 
by matrix multiplication. As with general group actions, much information about the 
structure of the group G can be obtained from representations. In particular, in this 
chapter, we will present an important Burnside theorem, which shows that any finite 
group, whose order is divisible by only two primes, must be solvable. 

Representations of groups are important in many areas of mathematics. Group rep- 
resentations allow many group-theoretic problems to be reduced to problems in linear 
algebra, which is well understood. They are also important in physics and the study of 
physical structure, because they describe how the symmetry group of a physical system 
affects the solutions of equations describing that system. 

The theory of group representations can be divided into several areas depending on 
the kind of group being represented. The various areas can be quite different in detail, 
though the basic definitions and concepts are the same. The most important areas are: 
(1) The theory of finite group representations. Group representations constitute a crucial tool in the study of finite groups. They also arise in applications of finite group theory to crystallography and to geometry.

(2) Group representations of compact and locally compact groups. Using integration 
theory and Haar measure, many of the results on representations of finite groups 
can be extended to infinite locally compact groups. The resulting theory is a cen- 
tral part of the area of mathematics called harmonic analysis. Pontryagin dual- 
ity describes the theory for commutative groups as a generalized Fourier trans- 
form. 

(3) Representations of Lie Groups. Lie groups are continuous groups with a differen- 
tiable structure. Most of the groups that arise in physics and chemistry are Lie 
groups, and their representation theory is important to the application of group 
theory in those fields. 

(4) Linear algebraic groups are the analogues of Lie groups, but over more general 
fields than just the reals or complexes. Their representation theory is more compli- 
cated than that of Lie groups. 
For this chapter, we will consider solely the representation theory of finite groups, and for the remainder of this chapter, when we say group, we mean finite group.


22.2 Representations and Modules 


A group representation is a group action on a vector space that respects the vector space 
structure. In this section, we examine the basic definitions of group representations 
and the ties to general modules over rings, both commutative and non-commutative. 
The main reference for this chapter is the book entitled Groups and Representations by 
J. L. Alperin and R. B. Bell [1]. We follow the main lines of this book. As we mentioned in 
the previous section, throughout the remainder of the chapter, group refers to a finite 
group. 

Let K be a field, and let G be a group acting on a K-vector space V. We denote this action by gv for g ∈ G and v ∈ V. The action is called linear if the following hold:
(1) g(v + w) = gv + gw for all g ∈ G and v, w ∈ V.
(2) g(αv) = α(gv) for all g ∈ G, α ∈ K, and v ∈ V.


Recall that group actions correspond to group homomorphisms into symmetric groups. 
For linear actions on a vector space V, we have a stronger result. 


Theorem 22.2.1. There is a bijective correspondence between the set of linear actions of a group G on a K-vector space V and the set of homomorphisms from G into GL(V), the group of all invertible linear transformations of V, which is called the general linear group over V.


Proof. Suppose that ρ : G → GL(V) is a homomorphism; then the action of G on V is defined by setting gv = ρ(g)(v), and it is clear that this action is linear.

Conversely, if we have a linear action of G on V, then we can define a homomorphism ρ : G → GL(V) by ρ(g)v = gv. These processes are mutually inverse, which gives the desired correspondence.


Definition 22.2.2. A homomorphism ρ : G → GL(V), where G is a group and V is a K-vector space, is called a linear representation or group representation of G in V.


From Theorem 22.2.1, it follows that the study of group representations is equivalent 
to the study of linear actions of groups. This area of study, with emphasis on finite groups 
and finite-dimensional vector spaces, has many applications to finite group theory. 

The modern approach to the representation theory of finite groups involves another 
equivalent concept, namely that of finitely generated modules over group rings. 

In Chapter 18, we considered R-modules over commutative rings R, and used this 
study to prove the fundamental theorem of finitely generated modules over principal 
ideal domains. In particular, we used the same study to prove the fundamental theorem 
of finitely generated Abelian groups. Here we must extend the concepts and allow R to be a general ring with identity.


Definition 22.2.3. Let R be a ring with identity 1, and let M be an Abelian group written additively. M is called a left R-module if there is a map R × M → M, written as (r, m) ↦ rm, such that the following hold:

(1) 1·m = m;

(2) r(m + n) = rm + rn;

(3) (r + s)m = rm + sm;

(4) r(sm) = (rs)m;

for all r, s ∈ R and m, n ∈ M.

We can similarly define the notion of a right R-module via a map from M × R to M sending (m, r) to mr, which satisfies the analogous properties to those above. If R is commutative, then every left module can in an obvious manner be given a right R-module structure; hence, it is not necessary in the commutative case to distinguish between left and right R-modules.

We always use the wording R-module to denote left R-module, unless otherwise 
specified. 


Definition 22.2.4. An R-module M is finitely generated if every element of M can be written as an R-linear combination m = r_1m_1 + ⋯ + r_nm_n for a finite subset {m_1,...,m_n} of M.


Finite minimal generating sets for a given module may have different numbers of elements. This is in contrast to the situation in free R-modules over a commutative ring R with identity, where any two finite bases have the same number of elements (Theorem 18.4.6).

In the following, we review the module theory that is necessary for the study of 
group representations. The facts we use are straightforward extensions of the respective 
facts for modules over commutative rings or for groups. 


Definition 22.2.5. Let M be an R-module, and let N be a subgroup of M. Then N is an R-submodule (or just a submodule) if rn ∈ N for every r ∈ R and n ∈ N.


Example 22.2.6. The R-submodules of a ring R are exactly the left ideals of R (see Chap- 
ter 1). Every R-module M has at least two submodules, namely, M itself and the zero 
submodule {0}. 


Definition 22.2.7. A simple R-module is an R-module M ≠ {0} which has only M and {0} as submodules.


If N is a submodule of M, then we may construct the factor group M/N (recall that M is Abelian). We may give the factor group M/N an R-module structure by defining r(m + N) = rm + N for every r ∈ R and m + N ∈ M/N. We call M/N the factor R-module, or just factor module, of M by N.
Definition 22.2.8. Let N_1, N_2 be submodules of an R-module M. Then we define the module sum N_1 + N_2 by

$$N_1 + N_2 = \{\, x + y \mid x \in N_1,\ y \in N_2 \,\} \subseteq M.$$

The sum N_1 + N_2 and the intersection N_1 ∩ N_2 are submodules of M. If N_1 ∩ N_2 = {0}, then we call the sum N_1 + N_2 a direct sum and write N_1 ⊕ N_2 instead of N_1 + N_2.

We say that a submodule N of M is a direct summand if there is some other submodule N' of M such that M = N ⊕ N'. In general, we write kN or N^k to denote the direct sum

$$N \oplus N \oplus \cdots \oplus N$$

of k copies of N.


As for groups, we also have the external notion of a direct sum. If M and N are R-modules, then we give the Cartesian product M × N an R-module structure by setting r(m, n) = (rm, rn), and we write M ⊕ N instead of M × N.

The notions of internal and external direct sums can be extended to any finite num- 
ber of submodules and modules, respectively. 


Definition 22.2.9. A composition series of an R-module M ≠ {0} is a descending series

$$M = M_0 \supsetneq M_1 \supsetneq \cdots \supsetneq M_k = \{0\}$$

of finitely many submodules M_i of M beginning with M and ending with {0}, where the inclusions are proper, and in which each successive factor module M_i/M_{i+1} is a simple module. We call k the length of the composition series.


Notice the following: 

(1) A module need not have a composition series. For example, an infinite Abelian 
group, considered as a Z-module, does not have a composition series (see Chap- 
ter 12). 

(2) The analog of the Jordan–Hölder theorem for groups (see Theorem 12.3.3) holds for modules that have composition series.


Theorem 22.2.10 (Jordan–Hölder theorem for R-modules). If an R-module M ≠ {0} has a composition series, then any two composition series are equivalent; that is, there exists a one-to-one correspondence between their respective factor modules. Hence, the factor modules are unique, and, in particular, the length must be the same.


Therefore, we can speak in a well defined manner about the factor modules of a 
composition series. If an R-module M has a composition series, then each submodule N 
and each factor module M/N also has a composition series. 
If the submodule N and the factor module M/N each have a composition series, then the module M also has one (see Chapter 13 for the respective proofs for groups).


Definition 22.2.11. Let M and N be R-modules, and let φ : M → N be a group homomorphism. Then φ is an R-module homomorphism if φ(rm) = rφ(m) for any r ∈ R and m ∈ M.

As for all other structures, we define monomorphism, epimorphism, isomorphism, 
and automorphism of R-modules in analogy with the definition for groups. 


Analogously to the case of groups, we have the following results:


Theorem 22.2.12 (First isomorphism theorem). Let M and N be R-modules, and φ : M → N an R-module homomorphism.

(1) The kernel ker(φ) = {m ∈ M | φ(m) = 0} of φ is a submodule of M.

(2) The image Im(φ) = {n ∈ N | φ(m) = n for some m ∈ M} of φ is a submodule of N.

(3) The R-modules M/ker(φ) and Im(φ) are isomorphic via the map induced by φ.


If the R-modules M and N are R-module isomorphic, then we write M ≅ N.


Corollary 22.2.13. An R-module homomorphism φ : M → N is injective if and only if ker(φ) = {0}.

Theorem 22.2.14 (Second isomorphism theorem). Let N_1, N_2 be submodules of an R-module M. Then

$$(N_1 + N_2)/N_1 \cong N_2/(N_1 \cap N_2).$$


Theorem 22.2.15 (Schur's lemma). Let M and N be simple R-modules, and let φ : M → N be a nonzero R-module homomorphism. Then φ is an R-module isomorphism.


Proof. Since both M and N are simple, we must have either ker(φ) = M or ker(φ) = {0}, and likewise either Im(φ) = {0} or Im(φ) = N. If ker(φ) = M, then φ = 0, the zero homomorphism. Hence, ker(φ) = {0} and Im(φ) = N. Therefore, if φ ≠ 0, then φ is an R-module isomorphism.


Group Rings and Modules over Group Rings 
We now introduce the class of rings, whose modules we will study for group represen- 
tations. They form the class of group algebras. 


Definition 22.2.16. Let R be a ring and G a group. Then the group ring of G over R, denoted by RG, consists of all finite R-linear combinations of elements of G. This is the set of linear combinations of the form

$$\Big\{\, \sum_{g \in G} a_g g \;\Big|\; \text{all } a_g \in R \,\Big\}.$$

For addition in RG, we take the rule

$$\sum_{g \in G} a_g g + \sum_{g \in G} b_g g = \sum_{g \in G} (a_g + b_g)\, g.$$

Multiplication in RG is defined by extending the multiplication in G:

$$\Big(\sum_{g \in G} a_g g\Big)\Big(\sum_{h \in G} b_h h\Big) = \sum_{g \in G}\sum_{h \in G} a_g b_h\, gh = \sum_{x \in G} \Big(\sum_{g \in G} a_g b_{g^{-1}x}\Big) x.$$

The group ring RG has an identity element, which coincides with the identity element of G. We usually denote this by just 1.


From the viewpoint of abstract group theory, it is of interest to consider the case, 
where the underlying ring is an integral domain. In this connection, we mention the 
famous zero divisor conjecture by Higman and Kaplansky, which poses the question 
whether every group ring RG of a torsion-free group G over an integral domain R or 
over a field K has no zero divisors. 

The conjecture has been proved only for a fairly restricted class of torsion-free 
groups. 

In this chapter, we will primarily consider the case where R = K is a field and the 
group G is finite, in which case the group ring KG is not only a ring, but also a finite- 
dimensional K-vector space having G as a basis. In this case, KG is called the group alge- 
bra. 

In mathematics, in general, an algebra over a field K is a K-vector space with a bilinear product that makes it a ring. That is, an algebra over K is an algebraic structure A with both a ring structure and a K-vector space structure that are compatible. That is, α(ab) = (αa)b = a(αb) for any α ∈ K and a, b ∈ A. An algebra is finite-dimensional if it has finite dimension as a K-vector space.


Example 22.2.17. (1) The matrix ring M(n, K) is a finite-dimensional K-algebra for any 
natural number n. 
(2) The group ring KG is a finite-dimensional K-algebra when the group G is finite. 


Definition 22.2.18. A homomorphism of K-algebras is a ring homomorphism that is also a K-linear transformation.


Modules over a group algebra KG can also be considered as K-vector spaces, with $\lambda \in K$ acting as $\lambda \cdot 1 \in KG$.


Lemma 22.2.19. If K is a field and G is a finite group, then a KG-module is finitely generated if and only if it is finite-dimensional as a K-vector space.


Proof. If V is generated as a KG-module by $\{v_1, \dots, v_n\}$, then V is generated as a K-vector space by the finite set $\{g v_i \mid g \in G,\ 1 \le i \le n\}$, and hence has finite dimension as a K-vector space. The converse is clear.
We now describe the fundamental connections between modules over group algebras and group representation theory.


Theorem 22.2.20. If K is a field and G is a finite group, then there is a one-to-one correspondence between finitely generated KG-modules and linear actions of G on finite-dimensional K-vector spaces V, and hence with the homomorphisms $\rho : G \to GL(V)$ for finite-dimensional K-vector spaces V.


Proof. If V is a finitely generated KG-module, then $\dim_K(V) < \infty$ by Lemma 22.2.19, and the map from $G \times V$ to V obtained by restricting the module structure map from $KG \times V$ to V is a linear action.

Conversely, let V be a finite-dimensional K-vector space on which G acts linearly. Then we place a KG-module structure on V by defining
$$\Big(\sum_{g \in G} a_g g\Big) v = \sum_{g \in G} a_g (g v) \quad \text{for } \sum_{g \in G} a_g g \in KG \text{ and } v \in V.$$

The two processes are inverses of each other.


To define a KG-module structure on a K-vector space V, it suffices to stipulate the 
action of the elements of G on V. The action of arbitrary elements of KG on V is then 
defined by extending linearly. 

For the remainder of this section, G will denote a finite group and K will denote a field. All K-vector spaces will be finite-dimensional, and all KG-modules will be finitely generated and hence of finite dimension as K-vector spaces. Our attention will primarily be on KG-modules, although on occasion it will be convenient to work with the linear representation $\rho : G \to GL(V)$, $\rho(g)(v) = gv$ for $g \in G$, $v \in V$, arising from a given KG-module V.


Example 22.2.21. (1) The field K can always be considered as a KG-module by defining $g\lambda = \lambda$ for all $g \in G$ and $\lambda \in K$. This module is called the trivial module.
(2) Let G act on the finite set $X = \{x_1, \dots, x_n\}$. Let KX be the set
$$\Big\{ \sum_{i=1}^{n} c_i x_i \;\Big|\; c_i \in K,\ x_i \in X \text{ for } i = 1, \dots, n \Big\}$$
of all formal K-linear combinations of elements of X. This has a K-vector space structure with basis X. On KX, we may define a KG-module structure in the following manner: if $g \in G$ and $\sum_{i=1}^{n} c_i x_i \in KX$, then
$$g\Big(\sum_{i=1}^{n} c_i x_i\Big) = \sum_{i=1}^{n} c_i\, (g x_i).$$
These modules are called the permutation modules.
(3) Let U, V be KG-modules. Then the (external) direct sum $U \oplus V$ has a KG-module structure given by
$$g(u, v) = (gu, gv).$$


(4) Let U, V be KG-modules, and let $\mathrm{Hom}_{KG}(U, V)$ be the set of all KG-module homomorphisms from U to V. For $\phi, \psi \in \mathrm{Hom}_{KG}(U, V)$ define $\phi + \psi \in \mathrm{Hom}_{KG}(U, V)$ by
$$(\phi + \psi)(u) = \phi(u) + \psi(u).$$
With this definition $\mathrm{Hom}_{KG}(U, V)$ is an Abelian group. Furthermore, $\mathrm{Hom}_{KG}(U, V)$ is a K-vector space with $(\lambda\phi)(u) = \lambda\phi(u)$ for $\lambda \in K$, $u \in U$ and $\phi \in \mathrm{Hom}_{KG}(U, V)$.

Note that this K-vector space has finite dimension. The K-vector space $\mathrm{Hom}_{KG}(U, V)$ also admits a natural KG-module structure. For $g \in G$ and $\phi \in \mathrm{Hom}_{KG}(U, V)$ we define
$$g\phi : U \to V \quad \text{by} \quad (g\phi)(u) = g\big(\phi(g^{-1}u)\big).$$
It is clear that $g\phi \in \mathrm{Hom}_{KG}(U, V)$.

For $g_1, g_2 \in G$ and $\phi \in \mathrm{Hom}_{KG}(U, V)$ we have
$$((g_1 g_2)\phi)(u) = g_1 g_2\, \phi\big((g_1 g_2)^{-1} u\big) = g_1\big(g_2\, \phi(g_2^{-1}(g_1^{-1} u))\big) = g_1\big((g_2\phi)(g_1^{-1} u)\big) = (g_1(g_2\phi))(u).$$
Therefore, $(g_1 g_2)\phi = g_1(g_2\phi)$. It follows that $\mathrm{Hom}_{KG}(U, V)$ has a KG-module structure. G acts on $\mathrm{Hom}_{KG}(U, V)$, and we write $U^*$ for $\mathrm{Hom}_{KG}(U, K)$, where K is the trivial module. $U^*$ is called the dual module of U, and here we have $(g\phi)(u) = \phi(g^{-1}u)$.


Theorem 22.2.22 (Maschke's Theorem). Let G be a finite group, and suppose that the characteristic of K is either 0 or coprime to |G|; that is, $\gcd(\mathrm{char}(K), |G|) = 1$. If U is a KG-module and V is a KG-submodule of U, then V is a direct summand of U as KG-modules.


Proof. U is, in particular, a finite-dimensional K-vector space, and V is a K-subspace. Any basis for V can be extended to a basis of U. Hence, there is some subspace W of U such that $U = V \oplus W$ as K-vector spaces. However, W need not be a KG-submodule of U. Let $\pi : U \to V$ be the projection of U onto V with respect to this vector space decomposition; that is, $\pi$ is the unique linear transformation that is the identity on V and zero on W. We now define a linear transformation
$$\pi' : U \to U \quad \text{by} \quad \pi'(u) = \frac{1}{|G|} \sum_{g \in G} g\,\pi(g^{-1}u) \quad \text{for } u \in U.$$
Since $\mathrm{char}(K) = 0$ or $\gcd(\mathrm{char}(K), |G|) = 1$, it follows that $|G| \neq 0$ in K; hence, $\frac{1}{|G|}$ exists in K. Therefore, the definition of $\pi'$ makes sense.

We have $gv \in V$ for any $g \in G$ and $v \in V$, because V is a KG-submodule of U. Therefore, the map $\pi'$ maps U into V. Moreover, since $\pi$ is the identity on V, we have $g\,\pi(g^{-1}v) = g g^{-1} v = v$ for any $g \in G$ and $v \in V$. Therefore, the restriction of $\pi'$ to V is the identity. It also follows that $U = V \oplus \ker(\pi')$ as K-vector spaces. It remains to show that $\ker(\pi')$ is a KG-submodule of U.

To show this, it is sufficient to show that $\pi'$ is a KG-module homomorphism; that is, we must show that $\pi'(xu) = x\pi'(u)$ for any $x \in G$ and $u \in U$. We have


But as g varies through G, so does $y = x^{-1}g$ for fixed $x \in G$. Therefore,


as required. 
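As an added worked example (not from the book), the averaging construction of this proof is carried out for K = Q and the permutation module of S_3 on Q^3 from Example 22.2.21 (2): V is the trivial submodule spanned by (1,1,1), W = span{e_1, e_2} is a K-complement that is not G-invariant, and the code checks that the projection π along W fails to commute with G while the averaged π' is an idempotent KG-homomorphism that fixes V and has a G-invariant kernel.

```python
"""Maschke's averaging operator pi' = (1/|G|) * sum_g g pi g^{-1}, worked for S_3.

Added example: K = Q (exact arithmetic with Fractions), G = S_3 acting on Q^3 by
permutation matrices (the permutation module of Example 22.2.21 (2)).
V = span{(1,1,1)} is a KG-submodule; W = span{e_1, e_2} is a K-complement of V
that is not G-invariant, so the projection pi onto V along W is not a KG-map.
"""
from fractions import Fraction
from itertools import permutations


def perm_matrix(p):
    """Matrix of the permutation p (tuple, i -> p[i]) on column vectors: e_i -> e_{p[i]}."""
    n = len(p)
    m = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        m[p[i]][i] = Fraction(1)
    return m


def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)] for i in range(n)]


def transpose(a):
    return [list(row) for row in zip(*a)]


def add(a, b):
    return [[x + y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]


def scale(c, a):
    return [[c * x for x in row] for row in a]


def matvec(a, v):
    return [sum(x * y for x, y in zip(row, v)) for row in a]


def symmetric_group(n):
    """All permutation matrices of S_n."""
    return [perm_matrix(p) for p in permutations(range(n))]


def projection_onto_V_along_W():
    """u = (a, b, c) = c(1,1,1) + (a-c, b-c, 0), so pi(u) = (c, c, c)."""
    return [[Fraction(0), Fraction(0), Fraction(1)] for _ in range(3)]


def average_projection(pi, group):
    """pi'(u) = (1/|G|) sum_g g pi(g^{-1} u); for permutation matrices g^{-1} = g^T."""
    n = len(pi)
    acc = [[Fraction(0)] * n for _ in range(n)]
    for g in group:
        acc = add(acc, matmul(matmul(g, pi), transpose(g)))
    return scale(Fraction(1, len(group)), acc)


def is_kg_homomorphism(f, group):
    """f commutes with the action of every g, i.e. f is a KG-module homomorphism."""
    return all(matmul(g, f) == matmul(f, g) for g in group)


def is_idempotent(f):
    return matmul(f, f) == f


def kernel_is_invariant(f, group, vectors):
    """Every given kernel vector is still in ker(f) after applying any g."""
    zero = [Fraction(0)] * len(f)
    return all(matvec(f, matvec(g, v)) == zero for g in group for v in vectors)


G = symmetric_group(3)
PI = projection_onto_V_along_W()
PI_PRIME = average_projection(PI, G)

if __name__ == "__main__":
    print("pi' =", [[str(x) for x in row] for row in PI_PRIME])
    print("pi is a KG-homomorphism:", is_kg_homomorphism(PI, G))
    print("pi' is a KG-homomorphism:", is_kg_homomorphism(PI_PRIME, G))
```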


Definition 22.2.23. A module U is semisimple if it is a direct sum of simple modules. If 
U = {0}, then the sum is the empty sum. 


Corollary 22.2.24. Let G be a finite group and K a field. Suppose that either char(K) = 0 
or char(K) is relatively prime to |G|. Then every nonzero KG-module is semisimple. 


Proof. Let U be a nonzero KG-module. We use induction on $\dim_K(U)$. If U is simple, we are done. This includes the case where $\dim_K(U) = 1$. Suppose that $\dim_K(U) > 1$, and assume that U is not simple. Then U must have a nonzero proper KG-submodule V. By Maschke's theorem, we have $U = V \oplus W$ for some nonzero proper KG-submodule W of U. Then both V and W have dimension strictly less than $\dim_K(U)$. By the induction hypothesis, both V and W are semisimple; therefore, U is semisimple.


We now present a version of Maschke's theorem for linear group representations $\rho : G \to GL(U)$, where $\rho(g)(u) = gu$ for $g \in G$, $u \in U$, arising from a given KG-module U. To formulate Maschke's result, we need some additional definitions and notation.


Definition 22.2.25. (1) A K-vector subspace V of U is a G-invariant subspace if $gv \in V$ for all $g \in G$ and $v \in V$.

(2) Let U be nonzero. A representation $\rho : G \to GL(U)$ is irreducible if $\{0\}$ and U are the only G-invariant subspaces of U.

(3) Let U be nonzero. A representation $\rho : G \to GL(U)$ is fully reducible if each G-invariant subspace V of U has a G-invariant complement W in U; that is, $U = V \oplus W$ as K-vector spaces.


Theorem 22.2.26 (Maschke's theorem). Let G be a finite group and K a field. Suppose that either $\mathrm{char}(K) = 0$ or $\mathrm{char}(K)$ is relatively prime to |G|. Let U be a finite-dimensional K-vector space. Then each representation $\rho : G \to GL(U)$ is fully reducible.


Proof. By Theorem 22.2.1, we may consider U as a KG-module. Then the above version 
of Maschke’s theorem follows from the proof for modules, because the KG-submodules 
of U together with the respective definitions for group representations represent the 
G-invariant subspaces of U. 


The theory of KG-modules when $\mathrm{char}(K) = p > 0$ and p divides |G|, in which case arbitrary KG-modules need not be semisimple, is called modular representation theory. The earliest work on modular representations was done by Dickson, and many of the main developments were due to Brauer. More details and a good overview may be found in [1], [4], [5], and [18].


22.3 Semisimple Algebras and Wedderburn’s Theorem 


In this section, K will denote a field and all algebras will be finite dimensional K-algebras 
and, unless explicitly stated otherwise, will be algebras with an identity element. All 
modules and algebras are assumed to be finitely generated or equivalently finite- 
dimensional as K-vector spaces. All direct sums of modules will be assumed to be 
finite. Let A be an algebra. We are interested in semisimple A-modules, and want to 
determine conditions on A so that every A-module is semisimple. 


Lemma 22.3.1. Let M be an A-module. Then the following are equivalent:
(1) Any submodule of M is a direct summand of M.

(2) M is semisimple.

(3) M is a sum of simple submodules.


Proof. The implication (1) ⇒ (2) follows in the same manner as Corollary 22.2.24. The implication (2) ⇒ (3) is direct.

Finally, we must show the implication (3) ⇒ (1). Suppose that (3) holds, and let N be a submodule of M. Let V be a submodule of M that is maximal among all submodules of M intersecting N trivially. Such a submodule V exists by Zorn's lemma. We wish to show that $N + V = M$. Suppose that $N + V \neq M$ (certainly we have $N + V \subset M$). If every simple submodule of M were contained in $N + V$, then, as M can be written as a sum of simple submodules, we would have $M \subset N + V$. This is not the case, since $N + V \neq M$. Hence, there is some simple submodule S of M that is not contained in $N + V$. Since $S \cap (N + V)$ is a proper submodule of the simple module S, we must have $S \cap (N + V) = \{0\}$. In particular, $S \cap V = \{0\}$, so we have $V \subsetneq V + S$. Let $n \in N \cap (V + S)$. Then $n = s + v$ for some $v \in V$ and $s \in S$. This gives $s = n - v \in S \cap (N + V)$, and therefore $s = 0$. Hence, $n = v$, which forces n to be 0, because $N \cap V = \{0\}$. It follows that $N \cap (V + S) = \{0\}$, which contradicts the maximality of V. Hence, we now have $M = N + V$. Furthermore, since $N \cap V = \{0\}$, the sum is direct and $M = N \oplus V$. Therefore, N is a direct summand of M, which proves the implication (3) ⇒ (1), completing the proof of the lemma.


Lemma 22.3.2. Submodules and factor modules of semisimple modules are also semi- 
simple. 


Proof. Let M be a semisimple A-module. By the previous lemma and the isomorphism theorem for modules, every submodule of M is isomorphic to a factor module of M. Therefore, it suffices to show that factor modules of M are semisimple. Let M/N be an arbitrary factor module, and let $\pi : M \to M/N$, $m \mapsto m + N$, be the canonical map. Since M is semisimple, we have $M = S_1 + \cdots + S_n$ with $n \in \mathbb{N}$ and each $S_i$ a simple module. Then $M/N = \pi(M) = \pi(S_1) + \cdots + \pi(S_n)$. But each $\pi(S_i)$ is isomorphic to a factor module of $S_i$, and hence each $\pi(S_i)$ is either $\{0\}$ or a simple module. Therefore, M/N is a sum of simple modules, and hence semisimple by Lemma 22.3.1.


Definition 22.3.3. An algebra A is semisimple if all nonzero A-modules are semisimple. 


Note that if G is a finite group, and either char(K) = 0 or gcd(char(K), |G|) = 1, then 
KG is semisimple. 
We now give some fundamental results on semisimple algebras. 


Lemma 22.3.4. The algebra A is semisimple if and only if the A-module A is semisimple. 


Proof. Suppose that the A-module A is semisimple, and let M be an A-module generated by $\{m_1, \dots, m_r\}$. Let $A^r$ denote the direct sum of r copies of A; then $(a_1, \dots, a_r) \mapsto a_1 m_1 + \cdots + a_r m_r$ defines a map from $A^r$ to M, which is an A-module epimorphism. Thus, M is isomorphic to a factor module of the semisimple module $A^r$, and hence is semisimple by Lemma 22.3.2. It follows that A is a semisimple algebra.
The converse is clear.


Theorem 22.3.5. Let A be a semisimple algebra, and suppose that as an A-module, we have
$$A = S_1 \oplus \cdots \oplus S_r, \quad r \in \mathbb{N},$$
where the $S_i$ are simple submodules of A. Then any simple A-module is isomorphic to some $S_i$.


Proof. Let S be a simple A-module and $s \in S$ with $s \neq 0$. We define an A-module homomorphism $\phi : A \to S$ by $\phi(a) = as$ for $a \in A$. Since S is simple, the map $\phi$ is surjective. For each i, let $\phi_i = \phi|_{S_i}$ be the restriction of $\phi$ to $S_i$. If $\phi_i = 0$ for all i, then we would have $\phi = 0$. Hence, $\phi_i$ is nonzero for some i, and it follows from Schur's lemma that $\phi_i : S_i \to S$ is an isomorphism for such an i.


Theorem 22.3.6. Suppose that A is a semisimple algebra, and let $S_1, \dots, S_r$ be a collection of simple A-modules such that every simple A-module is isomorphic with exactly one $S_i$. Let M be an A-module, and let
$$M \cong m_1 S_1 \oplus \cdots \oplus m_r S_r$$
for some integers $m_i \in \mathbb{N} \cup \{0\}$. Then the $m_i$ are uniquely determined.


Proof. There is a composition series of $m_1 S_1 \oplus \cdots \oplus m_r S_r$ having $m_1 + \cdots + m_r$ terms, in which $S_i$ appears $m_i$ times as a composition factor. The result then follows from the Jordan–Hölder theorem for modules (Theorem 22.2.10).


Whenever the modules $S_1, \dots, S_r$ appear as in $m_1 S_1 \oplus \cdots \oplus m_r S_r$ in the previous theorem, we will say that the $S_i$ are the distinct simple A-modules. The $S_i$ are nonisomorphic.

We want to classify all semisimple algebras. We start by showing the semi-simplicity 
of a certain class of algebras, and then showing that all semisimple algebras fall in this 
class. We will introduce this class in steps. 

Let D be a finite-dimensional K-algebra. Then for any $n \in \mathbb{N}$, the set $M(n, D)$ of $(n \times n)$-matrices with entries in D is a finite-dimensional K-algebra of dimension $n^2 \dim_K(D)$. Algebras of this form are called matrix algebras over D.

For $1 \le i, j \le n$ and $a \in D$, let $E_{ij}(a)$ be the matrix whose only nonzero entry is equal to a and occurs in the (i, j)-th position.

Let $D^n$ be the set of column vectors of length n with entries from D; then $D^n$ forms an $M(n, D)$-module under matrix multiplication.


Definition 22.3.7. An algebra D is a division algebra or skew field if the nonzero ele- 
ments of D form a group. Equivalently, it is a ring, where every nonzero element has a 
multiplicative inverse. It is exactly the definition of a field without requiring commuta- 
tivity. 


Any field K is a division algebra over itself, but there may be division algebras that 
are noncommutative. If the interest is on the ring structure of D, one often speaks about 
division rings (see Chapter 7). 


Theorem 22.3.8. Let D be a division algebra and $n \in \mathbb{N}$. Then any simple $M(n, D)$-module is isomorphic to $D^n$, and $M(n, D)$ is, as an $M(n, D)$-module, isomorphic to the direct sum of n copies of $D^n$. In particular, $M(n, D)$ is a semisimple algebra.


Proof. A nonzero submodule of $D^n$ must contain some nonzero vector, which must have a nonzero entry x in the j-th place for some j. This x is invertible in D.

By premultiplying this vector by $E_{jj}(x^{-1})$, we see that the submodule contains the j-th canonical basis vector. By premultiplying this basis vector by appropriate permutation matrices, we get that the submodule contains every canonical basis vector, and hence contains every vector.

It follows that $D^n$ is the only nonzero $M(n, D)$-submodule of $D^n$, and hence $D^n$ is simple. Now for each $1 \le k \le n$, let $C_k$ be the submodule of $M(n, D)$ consisting of those matrices whose only nonzero entries appear in the k-th column. Then we have
$$M(n, D) = \bigoplus_{k=1}^{n} C_k$$
as $M(n, D)$-modules. But each $C_k$ is isomorphic as an $M(n, D)$-module to $D^n$. It follows that $M(n, D)$ is a semisimple algebra by Lemma 22.3.4, and then $D^n$ is the unique simple $M(n, D)$-module by Theorem 22.3.5.


Definition 22.3.9. A nonzero algebra is simple if its only (two-sided) ideals (as a ring) 
are itself and the zero ideal. 


Lemma 22.3.10. Simple algebras are semisimple. 


Proof. Let A be a simple algebra, and let $\Sigma$ be the sum of all simple submodules of A. Let S be a simple submodule of A, and let $a \in A$. Then the map $\phi : S \to Sa$, given by $s \mapsto sa$, is a module epimorphism. Therefore, Sa is simple, or $Sa = \{0\}$. In either case, we have $Sa \subset \Sigma$ for any simple submodule S and any $a \in A$.

It follows that $\Sigma$ is a right ideal in A, and hence (being also a left ideal, as a submodule of A) that $\Sigma$ is a two-sided ideal. However, A is simple, and $\Sigma \neq \{0\}$, so we must have $\Sigma = A$. Therefore, A is the sum of simple A-modules, and from Lemmas 22.3.1 and 22.3.4, it follows that A is a semisimple algebra.


Theorem 22.3.11. Let D be a division algebra, and let $n \in \mathbb{N}$. Then $M(n, D)$ is a simple algebra.


Proof. Let $M \in M(n, D)$ with $M \neq 0$. We must show that the principal two-sided ideal J of $M(n, D)$ generated by M is equal to $M(n, D)$.

It suffices to show that J contains each $E_{ij}(1)$, since these matrices generate $M(n, D)$ as an $M(n, D)$-module. Since $M \neq 0$, there exist some $1 \le r, s \le n$ such that the (r, s)-entry of M is nonzero. We call this entry x. By calculation, we have
$$E_{ss}(1) = E_{sr}(x^{-1})\, M\, E_{ss}(1) \in J.$$
Now let $1 \le i, j \le n$, and let $w, w'$ be the permutation matrices corresponding to the transpositions (i, s) and (s, j), respectively. Then $E_{ij}(1) = w\, E_{ss}(1)\, w' \in J$.
Let $B_1, \dots, B_r$ be algebras. The external direct sum $B = B_1 \oplus B_2 \oplus \cdots \oplus B_r$ is the algebra whose underlying set is the Cartesian product, and whose addition, multiplication, and scalar multiplication are defined componentwise.

If M is a $B_i$-module for some i, then M has a B-module structure given by
$$(b_1, \dots, b_r)\, m = b_i m.$$
If M is simple (respectively semisimple) as a $B_i$-module, then M is also simple (respectively semisimple) as a B-module. For each i, the set of elements of B whose only nonzero entry is in the i-th component of B is an ideal in B, and this ideal is B-module isomorphic to $B_i$.

Now suppose that B is an algebra having ideals $B_1, \dots, B_r$ such that, as vector spaces, B is the direct sum of the $B_i$. Then B is isomorphic to the external direct sum $B_1 \oplus \cdots \oplus B_r$ by the map
$$b = b_1 + \cdots + b_r \mapsto (b_1, \dots, b_r).$$
The algebra B is the internal direct sum as algebras of the $B_i$. This can be seen as follows. If $i \neq j$ and $b_i \in B_i$, $b_j' \in B_j$, then we must have $b_i b_j' \in B_i \cap B_j = \{0\}$, since $B_i$ and $B_j$ are ideals. Therefore, the product in B of $b_1 + \cdots + b_r$ and $b_1' + \cdots + b_r'$ is just $b_1 b_1' + \cdots + b_r b_r'$.

Lemma 22.3.12. Let $B = B_1 \oplus \cdots \oplus B_r$ be a direct sum of algebras. Then the (two-sided) ideals of B are precisely the sets of the form $J_1 \oplus \cdots \oplus J_r$, where $J_i$ is a (two-sided) ideal of $B_i$ for each i.


Proof. Let J be a (two-sided) ideal of B, and let $J_i = J \cap B_i$ for each i. Certainly, $\bigoplus_{i=1}^{r} J_i \subset J$.

Let $b \in J$; then $b = b_1 + \cdots + b_r$ with $b_i \in B_i$ for each i. For some i, consider $e_i = (0, \dots, 0, 1, 0, \dots, 0)$; that is, the element of B whose only nonzero entry is the identity element of $B_i$. Then $b_i = b e_i \in J \cap B_i = J_i$. Therefore, $b \in \bigoplus_{i=1}^{r} J_i$, which shows that $J = J_1 \oplus \cdots \oplus J_r$.


The converse is clear.


Theorem 22.3.13. Let $r \in \mathbb{N}$. For each $1 \le i \le r$, let $D_i$ be a division algebra over K. Let $n_i \in \mathbb{N}$, and let $B_i = M(n_i, D_i)$. Let B be the external direct sum of the $B_i$. Then B is a semisimple algebra having exactly r isomorphism classes of simple modules and exactly $2^r$ (two-sided) ideals, namely every sum of the form $\bigoplus_{j \in J} B_j$, where J is a subset of $\{1, \dots, r\}$.


Proof. For each i, we write $B_i = C_{i1} \oplus \cdots \oplus C_{i n_i}$ using Theorem 22.3.8, where the $C_{ij}$ are mutually isomorphic simple $B_i$-modules. As we saw above, each $C_{ij}$ is also simple as a B-module. Therefore, as B-modules, we have $B = \bigoplus_{i,j} C_{ij}$, and hence B is a semisimple algebra by Lemma 22.3.4. From Theorem 22.3.5, we get that any simple B-module is isomorphic to some $C_{ij}$, but $C_{ij} \cong C_{kl}$ if and only if $i = k$. Hence, there are exactly r isomorphism classes of simple B-modules. The final statement is a straightforward consequence of Theorem 22.3.11 and Lemma 22.3.12.

We saw that a direct sum of matrix algebras over division algebras is semisimple. We now start to show that the converse is also true; that is, any semisimple algebra is isomorphic to a direct sum of matrix algebras over division algebras. This is Wedderburn's theorem.


Definition 22.3.14. If M is an A-module, then let $\mathrm{End}_A(M) = \mathrm{Hom}_A(M, M)$ denote the set of all A-module endomorphisms of M. In a more general context, we have seen that $\mathrm{End}_A(M)$ has the structure of an A-module via
$$(\phi + \psi)(m) = \phi(m) + \psi(m), \qquad (\lambda\phi)(m) = \phi(\lambda m)$$
for all $\phi, \psi \in \mathrm{End}_A(M)$, $\lambda \in A$, and $m \in M$. Composition of mappings gives a multiplication in $\mathrm{End}_A(M)$, and hence $\mathrm{End}_A(M)$ is a K-algebra, called the endomorphism algebra of M.


Definition 22.3.15. The opposite algebra of B, denoted $B^{op}$, is the set B together with the usual addition and scalar multiplication, but with the opposite multiplication; that is, the multiplication rule of B reversed.


Given $a, b \in B$, we use ab to denote their product in B, and $a \cdot b$ to denote their product in $B^{op}$. Hence, $a \cdot b = ba$. We certainly have $(B^{op})^{op} = B$. If B is a division algebra, then so is $B^{op}$. The opposite of a direct sum of algebras is the direct sum of the opposite algebras, because the multiplication in the direct sum is defined componentwise.

Endomorphism algebras and opposite algebras are closely related. 


Lemma 22.3.16. Let B be an algebra. Then $B^{op} \cong \mathrm{End}_B(B)$.


Proof. Let $\phi \in \mathrm{End}_B(B)$, and let $a = \phi(1)$. Then $\phi(b) = b\phi(1) = ba$ for any $b \in B$; hence, $\phi$ is equal to the map $\psi_a$ given by right multiplication by a. Therefore, $\mathrm{End}_B(B) = \{\psi_a : a \in B\}$; hence, $\mathrm{End}_B(B)$ and B are in one-to-one correspondence via $a \mapsto \psi_a$. To finish the proof, we must show that $\psi_a \psi_b = \psi_{a \cdot b}$ for any $a, b \in B$.

Let $a, b \in B$. Then $\psi_a\psi_b(x) = \psi_a(xb) = xba = \psi_{ba}(x) = \psi_{a \cdot b}(x)$, as required.


Lemma 22.3.17. Let $S_1, \dots, S_r$ be the r distinct simple A-modules of Theorem 22.3.6. For each i, let $U_i$ be a direct sum of copies of $S_i$, and let $U = U_1 \oplus \cdots \oplus U_r$. Then
$$\mathrm{End}_A(U) \cong \mathrm{End}_A(U_1) \oplus \cdots \oplus \mathrm{End}_A(U_r).$$


Proof. Let $\phi \in \mathrm{End}_A(U)$. Fix some i. Then every composition factor of $U_i$ is isomorphic to $S_i$. Therefore, by the Jordan–Hölder theorem for modules (Theorem 22.2.10), the same is true for $\phi(U_i)$, since $\phi(U_i)$ is isomorphic to a quotient of $U_i$. Assume that $\phi(U_i)$ is not contained in $U_i$. Then the image of $\phi(U_i)$ in $U/U_i$ under the canonical map is a nonzero submodule having $S_i$ as a composition factor. However, the composition factors of $U/U_i$ are exactly those $S_j$ with $j \neq i$. This gives a contradiction. It follows that $\phi(U_i) \subset U_i$, and a submodule of $U/U_i$ cannot have $S_i$ as a composition factor. For each i, we can define $\phi_i = \phi|_{U_i}$, and we have $\phi_i \in \mathrm{End}_A(U_i)$. In this way, we define a map
$$\Gamma : \mathrm{End}_A(U) \to \mathrm{End}_A(U_1) \oplus \cdots \oplus \mathrm{End}_A(U_r)$$
by setting
$$\Gamma(\phi) = (\phi_1, \dots, \phi_r) \in \mathrm{End}_A(U_1) \oplus \cdots \oplus \mathrm{End}_A(U_r).$$
It is straightforward that $\Gamma$ is an A-module monomorphism.

Now let $(\phi_1, \dots, \phi_r) \in \mathrm{End}_A(U_1) \oplus \cdots \oplus \mathrm{End}_A(U_r)$. We define $\hat\phi \in \mathrm{End}_A(U)$ as follows: given $x \in U$ with $x = x_1 + \cdots + x_r$ and $x_i \in U_i$ for each i, set
$$\hat\phi(x) = \phi_1(x_1) + \cdots + \phi_r(x_r).$$
We then have $(\phi_1, \dots, \phi_r) = \Gamma(\hat\phi)$, which shows that $\Gamma$ is surjective, and hence an isomorphism.


Lemma 22.3.18. If S is a simple A-module, then $\mathrm{End}_A(nS) \cong M(n, \mathrm{End}_A(S))$ for $n \in \mathbb{N}$.


Proof. We regard the elements of nS as column vectors of length n with entries from S. Let $\Phi = (\phi_{ij}) \in M(n, \mathrm{End}_A(S))$. We define the map $\Gamma(\Phi) : nS \to nS$ by
$$\Gamma(\Phi)\begin{pmatrix} s_1 \\ \vdots \\ s_n \end{pmatrix} = \begin{pmatrix} \phi_{11} & \cdots & \phi_{1n} \\ \vdots & & \vdots \\ \phi_{n1} & \cdots & \phi_{nn} \end{pmatrix}\begin{pmatrix} s_1 \\ \vdots \\ s_n \end{pmatrix} = \begin{pmatrix} \phi_{11}(s_1) + \cdots + \phi_{1n}(s_n) \\ \vdots \\ \phi_{n1}(s_1) + \cdots + \phi_{nn}(s_n) \end{pmatrix}.$$
We write $\bar s = \begin{pmatrix} s_1 \\ \vdots \\ s_n \end{pmatrix} \in nS$. Then
$$\Gamma(\Phi)(a\bar s + \bar t) = a\,\Gamma(\Phi)(\bar s) + \Gamma(\Phi)(\bar t)$$
for any $a \in A$ and $\bar s, \bar t \in nS$, because each $\phi_{ij}$ is an A-module homomorphism. Therefore, $\Gamma(\Phi) \in \mathrm{End}_A(nS)$, and we easily obtain that
$$\Gamma : M(n, \mathrm{End}_A(S)) \to \mathrm{End}_A(nS), \qquad \Phi \mapsto \Gamma(\Phi),$$
is an algebra monomorphism.

Now let $\psi \in \mathrm{End}_A(nS)$. For each $1 \le i, j \le n$, we define $\psi_{ij} : S \to S$ implicitly by
$$\psi\begin{pmatrix} 0 \\ \vdots \\ s \\ \vdots \\ 0 \end{pmatrix} = \begin{pmatrix} \psi_{1j}(s) \\ \vdots \\ \psi_{nj}(s) \end{pmatrix},$$
where s stands in the j-th position of the column vector on the left. We get that each $\psi_{ij} \in \mathrm{End}_A(S)$. Now let $\Psi = (\psi_{ij}) \in M(n, \mathrm{End}_A(S))$. Then $\Gamma(\Psi) = \psi$, showing that $\Gamma$ is also surjective, and hence an isomorphism.


If S is a simple A-module, then $\mathrm{End}_A(S)$ is a division algebra by Schur's lemma (Theorem 22.2.15). If the ground field K is algebraically closed, then more specific results can be stated about the structure of $\mathrm{End}_A(S)$.


Lemma 22.3.19. Suppose that K is algebraically closed, and let S be a simple A-module. Then $\mathrm{End}_A(S) \cong K$.


Proof. Let $\phi \in \mathrm{End}_A(S)$ be nonzero. By Schur's lemma, we may consider $\phi$ as an invertible K-linear map of the finite-dimensional K-vector space S onto itself. Since K is algebraically closed, $\phi$ has a nonzero eigenvalue $\lambda_\phi \in K$.

If I is the identity element of $\mathrm{End}_A(S)$, then $\phi - \lambda_\phi I \in \mathrm{End}_A(S)$ has a nonzero kernel, and therefore is not invertible. From this, it follows that $\phi = \lambda_\phi I$, since $\mathrm{End}_A(S)$ is a division algebra. The map $\phi \mapsto \lambda_\phi$ (with $0 \mapsto 0$) is then an isomorphism from $\mathrm{End}_A(S)$ to K.


Lemma 22.3.20. Let B be an algebra. Then $(M(n, B))^{op} \cong M(n, B^{op})$ for any $n \in \mathbb{N}$.


Proof. Define the map $\psi : (M(n, B))^{op} \to M(n, B^{op})$ by $\psi(X) = X^t$, where $X^t$ is the transpose of the matrix X. This map is bijective.
Let $X = (x_{ij})$ and $Y = (y_{ij})$ be elements of $(M(n, B))^{op}$. Then for any i and j we have
$$\begin{aligned}
(\psi(X)\psi(Y))_{ij} &= \sum_{k=1}^{n} (X^t)_{ik} \cdot (Y^t)_{kj} = \sum_{k=1}^{n} x_{ki} \cdot y_{jk} \\
&= \sum_{k=1}^{n} y_{jk}\, x_{ki} = (YX)_{ji} \\
&= ((YX)^t)_{ij} = ((X \cdot Y)^t)_{ij} = \psi(X \cdot Y)_{ij}.
\end{aligned}$$
Therefore, $\psi(X \cdot Y) = \psi(X)\psi(Y)$, so $\psi$ is an algebra homomorphism, and since it is bijective also an algebra isomorphism.
We are now at the point of stating Wedderburn's theorem.


Theorem 22.3.21 (Wedderburn). The algebra A is semisimple if and only if it is isomorphic to a direct sum of matrix algebras over division algebras.


Proof. Suppose that the algebra A is semisimple. Then A is of the form $A = U_1 \oplus \cdots \oplus U_r$, where each $U_i$ is the direct sum of $n_i$ copies of a simple A-module $S_i$, and no two of the distinct $S_i$ are isomorphic.

We have $A^{op} \cong \mathrm{End}_A(A)$ by Lemma 22.3.16, and $A^{op} \cong \mathrm{End}_A(U_1) \oplus \cdots \oplus \mathrm{End}_A(U_r)$ by Lemma 22.3.17. Therefore, $A^{op} \cong \mathrm{End}_A(n_1 S_1) \oplus \cdots \oplus \mathrm{End}_A(n_r S_r)$, and then by Lemma 22.3.18, $A^{op} \cong M(n_1, \mathrm{End}_A(S_1)) \oplus \cdots \oplus M(n_r, \mathrm{End}_A(S_r))$. Now, from Lemma 22.3.20,
$$\begin{aligned}
A &\cong \big(M(n_1, \mathrm{End}_A(S_1)) \oplus \cdots \oplus M(n_r, \mathrm{End}_A(S_r))\big)^{op} \\
&\cong M(n_1, \mathrm{End}_A(S_1))^{op} \oplus \cdots \oplus M(n_r, \mathrm{End}_A(S_r))^{op} \\
&\cong M(n_1, \mathrm{End}_A(S_1)^{op}) \oplus \cdots \oplus M(n_r, \mathrm{End}_A(S_r)^{op}).
\end{aligned}$$
Since the endomorphism algebra of a simple module is a division algebra, and the opposite algebra of a division algebra is also a division algebra, it follows that a semisimple algebra is isomorphic to a direct sum of matrix algebras over division algebras. The converse is a direct consequence of Theorem 22.3.13.


Theorem 22.3.22. The algebra A is simple if and only if it is isomorphic to a matrix algebra over a division ring.


Proof. Suppose that A is a simple algebra. Then by Lemma 22.3.10, A is semisimple; hence, by Theorem 22.3.21, A is isomorphic to a direct sum of r matrix algebras over division algebras. From Theorem 22.3.13, we have that A has exactly $2^r$ ideals. However, A is simple, and hence has only 2 ideals. Therefore, $r = 1$, and any simple algebra is isomorphic to a matrix algebra over a division algebra. The converse follows from Theorem 22.3.11.


We see that an algebra is semisimple if and only if it is a direct sum of simple alge- 
bras. This affirms the consistency of the choice of terminology. 


Theorem 22.3.23. Suppose that the field K is algebraically closed. Then any semisimple 
algebra is isomorphic to a direct sum of matrix algebras over K. 


Proof. This follows directly from Lemma 22.3.19 and Theorem 22.3.21. 


22.4 Ordinary Representations, Characters and Character Theory 


In this section, we look at a concept, the character of a representation, which gives more information than one might expect at first glance. Throughout this section, we will be concerned with the case where the ground field K is C, the field of complex numbers. In this case, the representation theory of groups is called ordinary representation theory. Recall that C has characteristic 0 and is algebraically closed. For this section, G will denote a finite group, and all CG-modules are finitely generated, or equivalently have finite dimension as C-vector spaces. From Theorem 22.3.21, we see that every nonzero CG-module is semisimple for any group G. It follows, from Wedderburn's theorem, that we have very specific information about the nature of the group algebra CG.


Theorem 22.4.1. There exist some $r \in \mathbb{N}$ and some $f_1, \dots, f_r \in \mathbb{N}$ such that
$$CG \cong M(f_1, C) \oplus \cdots \oplus M(f_r, C)$$
as C-algebras. Furthermore, there are exactly r isomorphism classes of simple CG-modules, and if we let $S_1, \dots, S_r$ be representatives of these r classes, then we can order the $S_i$ so that
$$CG \cong f_1 S_1 \oplus \cdots \oplus f_r S_r$$
as CG-modules, where $\dim_C S_i = f_i$ for each i. Any CG-module can be written uniquely in the form $a_1 S_1 \oplus \cdots \oplus a_r S_r$, where all $a_i \in \mathbb{N} \cup \{0\}$.


Proof. The theorem follows from our results on the classification of simple and semisimple algebras. The first statement follows from Corollary 22.2.24 and Theorem 22.3.23. The second statement follows from Theorems 22.3.8 and 22.3.13, where we take $S_i$ as the space of column vectors of length $f_i$ with the canonical module structure over the i-th summand $M(f_i, C)$.

The final statement follows from Theorem 22.3.6. 


Definition 22.4.2. The C-dimensions $f_1, \dots, f_r$ of the r simple CG-modules are called the degrees of the representations of G.


The trivial CG-module C is one-dimensional, and hence simple. Therefore, G will always have at least one representation of degree 1. By convention, we let $f_1 = 1$. The sizes of the degrees are determined by the order of the group G.


Corollary 22.4.3. We have
$$\sum_{i=1}^{r} f_i^2 = |G|.$$


Proof. Theorem 22.4.1 gives
$$|G| = \dim_C(CG) = \dim_C\Big(\bigoplus_{i=1}^{r} M(f_i, C)\Big) = \sum_{i=1}^{r} \dim_C M(f_i, C) = \sum_{i=1}^{r} f_i^2.$$

We note that the degrees of G divide |G|. We do not need this fact. For a proof see the appendix in the book [1].


Theorem 22.4.4. The number r of simple CG-modules is equal to the number of conjugacy classes of G.


Proof. Let Z be the center of CG; that is, the subalgebra of CG consisting of all elements that commute with every element of CG. From Theorem 22.4.1, it follows that Z is isomorphic to the center of $M(f_1, C) \oplus \cdots \oplus M(f_r, C)$, and therefore is isomorphic to the direct sum of the centers of the $M(f_i, C)$. It is straightforward that the center of $M(f_i, C)$ is equal to the set of scalar matrices
$$\{aI : I \text{ is the identity matrix in } M(f_i, C),\ a \in C\}.$$
Hence, the center of $M(f_i, C)$ is isomorphic to C, and therefore $Z \cong C^r$, which implies that $\dim_C(Z) = r$.
We now consider an element $\sum_{g \in G} \lambda_g g$ of Z. For any $h \in G$, we have
$$\Big(\sum_{g \in G} \lambda_g g\Big) h = h\Big(\sum_{g \in G} \lambda_g g\Big),$$
which leads to
$$\sum_{g \in G} \lambda_g g = \sum_{g \in G} \lambda_g\, h g h^{-1} = \sum_{g \in G} \lambda_{h^{-1} g h}\, g.$$
It follows that we must have $\lambda_g = \lambda_{h^{-1} g h}$ for all $g, h \in G$.

It also follows that the coefficients of elements of the center Z are constant on conjugacy classes of G, and that a basis for Z is the set of class sums, which are the sums of the form $\sum_{g \in C} g$, where C is a conjugacy class of G. Thus, $\dim_C Z$ is equal to the number of conjugacy classes of G.
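As an added computation (not the book's own code), the class-sum description of the center from this proof and the regular character of Example 22.4.6, checked for G = S_3 with exact rational coefficients: every class sum commutes with every group element in the group algebra, a single transposition does not, an element is central exactly when its coefficients are constant on conjugacy classes, and the regular character is |G| at the identity and 0 elsewhere.

```python
"""Center of the group algebra and the regular character, worked for G = S_3.

Added example: elements of KG (here K = Q) are dicts {permutation tuple: Fraction}.
Theorem 22.4.4 says the center of CG is spanned by the class sums; Example 22.4.6
says the regular character is |G| at 1 and 0 elsewhere.  Both are checked over Q,
which suffices because all coefficients involved are rational.
"""
from collections import defaultdict
from fractions import Fraction
from itertools import permutations


def compose(p, q):
    """(p o q)(i) = p(q(i)); permutations are tuples i -> p[i]."""
    return tuple(p[q[i]] for i in range(len(p)))


def inverse(p):
    inv = [0] * len(p)
    for i, j in enumerate(p):
        inv[j] = i
    return tuple(inv)


def symmetric_group(n):
    return list(permutations(range(n)))


def conjugacy_classes(group):
    """Orbits of G acting on itself by conjugation g -> h^{-1} g h."""
    seen, classes = set(), []
    for g in group:
        if g in seen:
            continue
        cls = frozenset(compose(compose(inverse(h), g), h) for h in group)
        seen |= cls
        classes.append(cls)
    return classes


def algebra_mult(x, y):
    """(sum a_g g)(sum b_h h) = sum a_g b_h gh, the multiplication of Definition 22.2.16."""
    out = defaultdict(Fraction)
    for g, a in x.items():
        for h, b in y.items():
            out[compose(g, h)] += a * b
    return {k: v for k, v in out.items() if v != 0}


def group_element(g):
    """The basis element g of KG."""
    return {g: Fraction(1)}


def is_central(x, group):
    """x commutes with every g in G, hence with all of KG by linearity."""
    return all(algebra_mult(x, group_element(h)) == algebra_mult(group_element(h), x)
               for h in group)


def class_sums(group):
    """The class sums sum_{g in C} g, one per conjugacy class C."""
    return [{g: Fraction(1) for g in cls} for cls in conjugacy_classes(group)]


def is_class_constant(x, group):
    """Coefficients of x agree on each conjugacy class (absent keys count as 0)."""
    return all(len({x.get(g, Fraction(0)) for g in cls}) == 1
               for cls in conjugacy_classes(group))


def regular_character(g, group):
    """Trace of left multiplication by g on KG in the basis G: #{x in G : gx = x}."""
    return sum(1 for x in group if compose(g, x) == x)


if __name__ == "__main__":
    G = symmetric_group(3)
    print("conjugacy classes:", [sorted(c) for c in conjugacy_classes(G)])
    print("class sums central:", all(is_central(s, G) for s in class_sums(G)))
    print("regular character:", {g: regular_character(g, G) for g in G})
```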


Characters and Character Theory 
We now define and study the characters of an ordinary representation. 


Definition 22.4.5. If U is a CG-module, then each $g \in G$ defines an invertible linear transformation of U via $u \mapsto gu$ for $u \in U$. The character of U is the function $\chi_U : G \to C$ defined by letting $\chi_U(g)$ be the trace of the linear transformation of U defined by g.


We note that for any representation U, we have $\chi_U(1) = \dim_C(U)$, since the identity element of G induces the identity transformation of U. Furthermore, if $\rho : G \to GL(U)$ is the representation corresponding to U, then $\chi_U(g)$ is just the trace of the map $\rho(g)$. Thus, isomorphic CG-modules have equal characters.

If $g, h \in G$, then the linear transformations of U defined by g and $hgh^{-1}$ have the same trace. These linear transformations are called similar. Therefore, any character is constant on each conjugacy class of G; that is, the value of the character on any two conjugate elements is the same.


Example 22.4.6. Let $U = CG$ and $g \in G$. By considering the matrix of the linear transformation defined by g with respect to the basis G of CG, we get that $\chi_U(g)$ is equal to the number of elements $x \in G$ for which $gx = x$. Therefore, we have $\chi_U(1) = |G|$ and $\chi_U(g) = 0$ for every $g \in G$ with $g \neq 1$. This character is called the regular character of G.


The theory of characters was introduced by Frobenius. In connection with number theory, he defined characters as being functions from $G$ to $\mathbb{C}$ satisfying certain properties. However, it turned out that his characters were exactly the trace functions of finitely generated $\mathbb{C}G$-modules. In what follows, we describe the properties of characters.

We first consider the characters of the $r$ simple $\mathbb{C}G$-modules. We denote these by $\chi_1,\ldots,\chi_r$. These are called the irreducible characters of $G$.

Whenever we have that $S_1,\ldots,S_r$ are the distinct (up to isomorphism) simple $\mathbb{C}G$-modules, we order them so that $\chi_{S_i} = \chi_i$ for each $i$. Because $S_1$ is the module of the trivial representation, we let $\chi_1$ be the character of the trivial representation, and call $\chi_1$ the principal character of $G$. We then have $\chi_1(g) = 1$ for all $g\in G$.


Definition 22.4.7. The character of a one-dimensional $\mathbb{C}G$-module (that is, of a one-dimensional representation) is called a linear character.


Since one-dimensional modules are simple, we get that all linear characters are irreducible. Let $\chi$ be the linear character arising from the $\mathbb{C}G$-module $U$, and let $g,h\in G$. Since $U$ is one-dimensional, for any $u\in U$ we have $gu = \chi(g)u$ and $hu = \chi(h)u$. Then $\chi(gh)u = (gh)u = \chi(g)\chi(h)u$. Hence, $\chi$ is a homomorphism from $G$ to the multiplicative group $\mathbb{C}^* = \mathbb{C}\setminus\{0\}$. On the other hand, given a homomorphism $\phi : G\to\mathbb{C}^*$, we can define a one-dimensional $\mathbb{C}G$-module $U$ by $gu = \phi(g)u$ for $g\in G$ and $u\in U$. Therefore, $\chi_U = \phi$. It follows that the linear characters of $G$ are precisely the group of homomorphisms from $G$ to $\mathbb{C}^*$.


Theorem 22.4.8. Let $U$ be a $\mathbb{C}G$-module, and let $\rho : G\to GL(U)$ be the representation corresponding to $U$. Let $g\in G$ be of order $n$. Then the following hold:

(i) $\rho(g)$ is diagonalizable.

(ii) $\chi_U(g)$ equals the sum (with multiplicities) of the eigenvalues of $\rho(g)$.

(iii) $\chi_U(g)$ is a sum of $\chi_U(1)$ many $n$th roots of unity.

(iv) $\chi_U(g^{-1}) = \overline{\chi_U(g)}$, the complex conjugate of $\chi_U(g)$.

(v) $|\chi_U(g)|\le\chi_U(1)$.

(vi) The set $\{x\in G \mid \chi_U(x) = \chi_U(1)\}$ is a normal subgroup of $G$.


Proof. Since $g^n = 1$, we get that $\rho(g)$ is a zero of the polynomial $X^n - 1$. However, $X^n - 1$ splits into distinct linear factors in $\mathbb{C}[X]$, and so it follows that the minimal polynomial of $\rho(g)$ does also. Hence, $\rho(g)$ is diagonalizable, proving (i). From this, we have that the trace of $\rho(g)$ is the sum (with multiplicities) of the eigenvalues, proving (ii). The eigenvalues are precisely the zeros of the minimal polynomial of $\rho(g)$, which divides $X^n - 1$. Consequently, these roots are $n$th roots of unity, which proves (iii), since $\chi_U(1) = \dim_{\mathbb{C}}(U)$. Each eigenvector of $\rho(g)$ is also an eigenvector for $\rho(g^{-1})$, with the eigenvalue for $\rho(g^{-1})$ being the inverse of the eigenvalue for $\rho(g)$. Since the eigenvalues are roots of unity, it follows that $\chi_U(g^{-1}) = \overline{\chi_U(g)}$. From this we obtain (iv).

Now (v) follows directly from (iii). We have already seen that $\chi_U(g)$ is the sum of its $\chi_U(1)$ eigenvalues, each of which is a root of unity. If the sum is equal to $\chi_U(1)$, then it follows that each of these eigenvalues must be $1$, in which case $\rho(g)$ must be the identity map. Conversely, if $\rho(g)$ is the identity map, then $\chi_U(g) = \dim_{\mathbb{C}}(U) = \chi_U(1)$. Therefore, $\{x\in G : \chi_U(x) = \chi_U(1)\} = \mathrm{Ker}(\rho)$, and hence is a normal subgroup of $G$, proving (vi).


Suppose that $\chi$ and $\psi$ are characters of $G$. We define new functions $\chi+\psi$ and $\chi\psi$ from $G$ to $\mathbb{C}$ by $(\chi+\psi)(g) = \chi(g)+\psi(g)$ and $(\chi\psi)(g) = \chi(g)\psi(g)$ for $g\in G$. These new functions are not a priori characters themselves. Given a scalar $\lambda\in\mathbb{C}$, define a new function $\lambda\chi : G\to\mathbb{C}$ by $(\lambda\chi)(g) = \lambda\chi(g)$. Consequently, we can view the characters of $G$ as elements of a $\mathbb{C}$-vector space of functions from $G$ to $\mathbb{C}$.


Theorem 22.4.9. The irreducible characters of $G$ are, as functions from $G$ to $\mathbb{C}$, linearly independent over $\mathbb{C}$.


Proof. We have $\mathbb{C}G\cong M(f_1,\mathbb{C})\oplus\cdots\oplus M(f_r,\mathbb{C})$ by Theorem 22.4.1. Let $S_1,\ldots,S_r$ be the distinct simple $\mathbb{C}G$-modules. For each $i$, let $e_i$ be the identity element of $M(f_i,\mathbb{C})$. We fix some $i$.

Recall that $\chi_i(g)$ is the trace of the linear transformation on $S_i$ defined by $g\in G$. The linear transformation on $S_i$ given by $e_i$ is the identity. Hence, $\chi_i(e_i) = \dim_{\mathbb{C}}(S_i) = f_i$. Moreover, if $j\ne i$, then the linear transformation on $S_j$ given by $e_i$ is the zero map, and hence $\chi_j(e_i) = 0$ for $j\ne i$. Now suppose that $\lambda_1,\ldots,\lambda_r\in\mathbb{C}$ are such that $\sum_{j=1}^r\lambda_j\chi_j = 0$. From the above, we see that $0 = \sum_{j=1}^r\lambda_j\chi_j(e_i) = \lambda_i f_i$ for each $i$. It follows that $\lambda_i = 0$ for all $i$; therefore, the characters are linearly independent.


Lemma 22.4.10. $\chi_{U\oplus V} = \chi_U + \chi_V$ for any $\mathbb{C}G$-modules $U$ and $V$.


Proof. By considering a $\mathbb{C}$-basis for $U\oplus V$ whose first $\dim_{\mathbb{C}}(U)$ elements form a $\mathbb{C}$-basis for $U\oplus\{0\}$, and whose remaining elements form a $\mathbb{C}$-basis for $\{0\}\oplus V$, we get that

$$\chi_{U\oplus V}(g) = \chi_U(g) + \chi_V(g)\quad\text{for any } g\in G.$$


Theorem 22.4.11. If $S_1,\ldots,S_r$ are the distinct (up to isomorphism) simple $\mathbb{C}G$-modules, then the character of the $\mathbb{C}G$-module $a_1S_1\oplus\cdots\oplus a_rS_r$ with $a_i\in\mathbb{N}\cup\{0\}$ is $a_1\chi_1+\cdots+a_r\chi_r$. Consequently, two $\mathbb{C}G$-modules are isomorphic if and only if their characters are equal.


Proof. The first statement follows directly from Lemma 22.4.10. Now, suppose that $\chi_U = \chi_V$ for some $\mathbb{C}G$-modules $U$ and $V$.

Since $\mathbb{C}G$ is semisimple, we can write $U\cong a_1S_1\oplus\cdots\oplus a_rS_r$ and $V\cong b_1S_1\oplus\cdots\oplus b_rS_r$ with $a_i,b_i\in\mathbb{N}\cup\{0\}$. By taking characters, we have

$$0 = \chi_U - \chi_V = \sum_{i=1}^r (a_i - b_i)\chi_i.$$

By Theorem 22.4.9, this forces $a_i = b_i$ for all $i$, and therefore $U\cong V$.


Definition 22.4.12. A class function on $G$ is a function from $G$ to $\mathbb{C}$ whose value within any conjugacy class is constant.


For example, characters of $\mathbb{C}G$-modules are class functions.

The set of all class functions on $G$ forms a $\mathbb{C}$-vector space of dimension $r$, where $r$ is the number of conjugacy classes within $G$. An obvious basis for this vector space is the set of class functions on $G$ that have the value $1$ on a single conjugacy class, and $0$ on all other conjugacy classes.


Theorem 22.4.13. The irreducible characters for $G$ form a basis for the $\mathbb{C}$-vector space of class functions on $G$.


Proof. By Theorem 22.4.9, the irreducible characters of $G$ are linearly independent elements of the space of class functions. Their number equals the number of conjugacy classes of $G$ by Theorem 22.4.4, and this number is equal to the dimension of the space of class functions.


Definition 22.4.14. If $\alpha,\beta$ are class functions of $G$, then their inner product is the complex number

$$\langle\alpha,\beta\rangle = \frac{1}{|G|}\sum_{g\in G}\alpha(g)\overline{\beta(g)}.$$


This inner product is a traditional complex inner product on the space of class functions. Therefore, we have the following properties:
(1) $\langle\alpha,\alpha\rangle\ge 0$, and $\langle\alpha,\alpha\rangle = 0$ if and only if $\alpha = 0$;
(2) $\langle\alpha,\beta\rangle = \overline{\langle\beta,\alpha\rangle}$;
(3) $\langle\lambda\alpha,\beta\rangle = \lambda\langle\alpha,\beta\rangle$ for all $\lambda\in\mathbb{C}$;
(4) $\langle\alpha_1+\alpha_2,\beta\rangle = \langle\alpha_1,\beta\rangle + \langle\alpha_2,\beta\rangle$.


From these basic properties we further have
(5) $\langle\alpha,\lambda\beta\rangle = \overline{\lambda}\,\langle\alpha,\beta\rangle$,
(6) $\langle\alpha,\beta_1+\beta_2\rangle = \langle\alpha,\beta_1\rangle + \langle\alpha,\beta_2\rangle$,


for all class functions $\alpha_1,\beta_1,\alpha_2,\beta_2$, and all $\lambda\in\mathbb{C}$.


Definition 22.4.15. If $U$ is a $\mathbb{C}G$-module, then

$$U^G = \{u\in U : gu = u \text{ for all } g\in G\}.$$

Lemma 22.4.16. If $U$ is a $\mathbb{C}G$-module, then


Proof. Let $a = \frac{1}{|G|}\sum_{g\in G} g\in\mathbb{C}G$. Clearly, $ga = a$ for any $g\in G$, and hence $a^2 = a$. If $T$ is the linear transformation of $U$ defined by $a$, then $T$ must satisfy the equation $X^2 - X = 0$, and consequently, $T$ is diagonalizable. It follows that the only eigenvalues of $T$ are $0$ and $1$. Let $U_1\subseteq U$ be the eigenspace of $T$ corresponding to the eigenvalue $1$. If $u\in U_1$, then $gu = gau = au = u$ for any $g\in G$. Therefore, $u\in U^G$. Conversely, suppose that $u\in U^G$. Then

$$|G|\,au = \Big(\sum_{g\in G} g\Big)u = \sum_{g\in G} gu = \sum_{g\in G} u = |G|\,u,$$

and hence $u\in U_1$. It follows that $U^G = U_1$. However, the trace of $T$ is equal to the dimension of $U_1$, and then the result follows from the linearity of the trace map.


Theorem 22.4.17. We have $\langle\chi_U,\chi_V\rangle = \dim_{\mathbb{C}}(\mathrm{Hom}_{\mathbb{C}G}(U,V))$ for any $\mathbb{C}G$-modules $U,V$.


Recall that $\mathrm{Hom}_{\mathbb{C}G}(U,V)$ is a $\mathbb{C}$-vector space with $(\phi+\psi)(u) = \phi(u)+\psi(u)$ and $(\lambda\phi)(u) = \lambda\phi(u)$ for any $\lambda\in\mathbb{C}$, $u\in U$ and $\phi,\psi\in\mathrm{Hom}_{\mathbb{C}G}(U,V)$.


Proof. We observe that $\mathrm{Hom}_{\mathbb{C}G}(U,V)$ is a subspace of the $\mathbb{C}G$-module $\mathrm{Hom}_{\mathbb{C}}(U,V)$. If $\phi\in\mathrm{Hom}_{\mathbb{C}G}(U,V)$ and $g\in G$, then $(g\phi)(u) = g\phi(g^{-1}u) = gg^{-1}\phi(u) = \phi(u)$ for any $u\in U$. Hence, $g\phi = \phi$ for all $g\in G$. This implies that $\phi\in\mathrm{Hom}_{\mathbb{C}}(U,V)^G$. By reversing the argument, we get $\mathrm{Hom}_{\mathbb{C}G}(U,V) = \mathrm{Hom}_{\mathbb{C}}(U,V)^G$.

Therefore,

$$\dim_{\mathbb{C}}(\mathrm{Hom}_{\mathbb{C}G}(U,V)) = \dim_{\mathbb{C}}\big(\mathrm{Hom}_{\mathbb{C}}(U,V)^G\big) = \frac{1}{|G|}\sum_{g\in G}\chi_{\mathrm{Hom}_{\mathbb{C}}(U,V)}(g) = \frac{1}{|G|}\sum_{g\in G}\overline{\chi_U(g)}\,\chi_V(g) = \langle\chi_V,\chi_U\rangle$$

by Lemma 22.4.16, and part (iii) of Theorem 22.4.8.
This implies that

$$\langle\chi_U,\chi_V\rangle = \overline{\langle\chi_V,\chi_U\rangle} = \langle\chi_V,\chi_U\rangle = \dim_{\mathbb{C}}(\mathrm{Hom}_{\mathbb{C}G}(U,V)),$$

since we know that $\langle\chi_V,\chi_U\rangle$ is real.
The Character Table and Orthogonality Relations

We have seen that the number of conjugacy classes $r$ in a finite group $G$ is the same as the number of irreducible characters. Furthermore, the set of irreducible characters forms a basis for the space of class functions on $G$. If $\chi_1,\ldots,\chi_r$ are the irreducible characters, and $g_1,\ldots,g_r$ are a complete set of conjugacy class representatives, then the $r\times r$-matrix $X = (\chi_i(g_j))$ is called the character table for $G$.

We close this section by showing that the rows and columns of the character table are orthogonal vectors relative to the defined inner product. These results are called the orthogonality relations. As a consequence of these relations, we obtain the fact that the irreducible characters form an orthonormal basis for the space of characters. There is a great deal of other information that can be obtained from the character table. We refer to the book by Alperin and Bell [1] for further discussion.


Theorem 22.4.18 (First orthogonality relation). Let $\chi_1,\ldots,\chi_r$ be the set of irreducible characters of $G$. Then

$$\frac{1}{|G|}\sum_{g\in G}\chi_i(g)\overline{\chi_j(g)} = \begin{cases} 0, & \text{if } i\ne j,\\ 1, & \text{if } i = j.\end{cases}$$

In other words, the irreducible characters form an orthonormal set with respect to the defined inner product.

Proof. Let $S_1,\ldots,S_r$ be the distinct simple $\mathbb{C}G$-modules that go with the irreducible characters. From the previous theorem, we have

$$\langle\chi_i,\chi_j\rangle = \dim_{\mathbb{C}}(\mathrm{Hom}_{\mathbb{C}G}(S_i,S_j))$$

for any $i,j$. We further have $\mathrm{Hom}_{\mathbb{C}G}(S_i,S_i)\cong\mathbb{C}$, and by Schur's lemma $\mathrm{Hom}_{\mathbb{C}G}(S_i,S_j) = 0$ for $i\ne j$, proving the theorem.


Corollary 22.4.19. The set of irreducible characters forms an orthonormal basis for the vector space of class functions.


Proof. The irreducible characters form a basis for the space of characters, and from the orthogonality result they are an orthonormal set relative to the inner product.


The second orthogonality relation says that the columns of the character table are also a set of orthogonal vectors. That is, the vectors of values of the irreducible characters at a set of conjugacy class representatives also form an orthogonal set with respect to the defined inner product.


Theorem 22.4.20 (Second orthogonality relation). Let $\chi_1,\ldots,\chi_r$ be the set of irreducible characters of $G$, and suppose that $g_1,\ldots,g_r$ are a set of conjugacy class representatives, and $k_1,\ldots,k_r$ are the orders of the conjugacy classes. Then for any $1\le i,j\le r$, we have

$$\sum_{s=1}^r\chi_s(g_i)\overline{\chi_s(g_j)} = \begin{cases} 0, & \text{if } i\ne j,\\ \dfrac{|G|}{k_i}, & \text{if } i = j.\end{cases}$$


Proof. Let $X = (\chi_i(g_j))_{1\le i,j\le r}$ be the character table for $G$, and let $K$ be the $r\times r$ diagonal matrix with the set $\{k_1,\ldots,k_r\}$ as its main diagonal. Then we have $(XK)_{ij} = \chi_i(g_j)k_j$ for any $i,j$. Writing $\overline{X}^{\,T}$ for the conjugate transpose of $X$, we then have

$$(XK\overline{X}^{\,T})_{ij} = \sum_{s=1}^r k_s\,\chi_i(g_s)\overline{\chi_j(g_s)} = \sum_{g\in G}\chi_i(g)\overline{\chi_j(g)},$$

since the $k_s$ elements of the $s$th conjugacy class all contribute the same term; but this equals $|G|\langle\chi_i,\chi_j\rangle$, which is $|G|$ for $i = j$ and $0$ otherwise by the first orthogonality relation.
Hence, $XK\overline{X}^{\,T} = |G|I$, where $I$ is the identity matrix. Since a square matrix commutes with its inverse, we also have $\overline{X}^{\,T}XK = |G|I$. It follows that for any $i,j$, we have

$$|G| = k_i\sum_{s=1}^r\overline{\chi_s(g_i)}\,\chi_s(g_i),$$

and

$$0 = k_j\sum_{s=1}^r\overline{\chi_s(g_i)}\,\chi_s(g_j)\quad\text{for } i\ne j,$$

completing the proof.


As mentioned before, more information about character tables and their conse- 
quences can be found in [1]. 


22.5 Burnside’s Theorem 


We conclude this chapter by presenting a very important result in finite group theory, whose proof uses representation theory. This is Burnside's Theorem, which asserts that any group of order $p^a q^b$ with $p,q$ distinct primes must be solvable. Burnside's result was important in the proof of the famous Feit-Thompson theorem, which asserted that any group of odd order must be solvable. This was crucial in the classification of finite simple groups.

Recall that a group $G$ is solvable if it has a normal series with Abelian factors. Solvable groups play a crucial role in the proof of the insolvability of the quintic polynomial, and we discussed solvable groups in detail in Chapter 12. For the proof, we need the following two facts about solvable groups:

1. If a group $G$ has a normal solvable subgroup $N$ with $G/N$ solvable, then $G$ is solvable (Theorem 12.1.3).

2. Any finite group of prime power order is solvable (Theorem 12.1.8).


We start with several lemmas that depend on representation theory. 
Let $G$ be a finite group, and suppose it has $r$ irreducible representations $\chi_1,\chi_2,\ldots,\chi_r$ of respective degrees $m_1,m_2,\ldots,m_r$. Suppose the respective orders of the $r$ conjugacy classes are $h_1,h_2,\ldots,h_r$. The statements in the lemmas depend on some mild facts on algebraic integers. An algebraic integer is a complex number which is a zero of a monic integral polynomial. Here we just need the following two facts:

1. The set of algebraic integers forms a subring of $\mathbb{C}$.
2. If an algebraic integer is a rational number, then it is an ordinary integer.


For more information about algebraic integers see Chapter 21.


Lemma 22.5.1. Let $\chi$ be a character of $G$. The value $\chi(g)$ for any $g\in G$ is an algebraic integer.


Proof. For any $g\in G$, the value $\chi(g)$ is a sum of roots of unity. However, any root of unity satisfies a monic integral polynomial $X^n - 1 = 0$, and hence is an algebraic integer. Since the algebraic integers form a ring, any sum of roots of unity is an algebraic integer.


Lemma 22.5.2. Let $\chi$ be an irreducible character of $G$. Let $g\in G$ and $C_G(g)$ the centralizer of $g$ in $G$. Then

$$\frac{|G : C_G(g)|\,\chi(g)}{\chi(1)}$$

is an algebraic integer.


Proof. Let $S$ be the simple $\mathbb{C}G$-module having character $\chi$.

Let $g\in G$, and let $C$ be the conjugacy class of $g$ in $G$. By Theorem 13.2.1, we have $|C| = |G : C_G(g)|$.

Let $a = \sum_{x\in C} x$ be the class sum of $C$. We consider the map $\varphi : S\to S$, $\varphi(s) = as$ for $s\in S$. From Theorem 22.4.4 and its proof, we get that $a$ is in the center of $\mathbb{C}G$.

This gives $\varphi\in\mathrm{End}_{\mathbb{C}G}(S)$, and there exists a $\lambda\in\mathbb{C}$ with $as = \lambda s$ for all $s\in S$ by Schur's lemma. We obtain

$$\lambda\chi(1) = \sum_{x\in C}\chi(x) = |C|\,\chi(g) = |G : C_G(g)|\,\chi(g)$$

by taking traces. Therefore,

$$\frac{|G : C_G(g)|\,\chi(g)}{\chi(1)} = \lambda.$$

Let $\tau : \mathbb{C}G\to\mathbb{C}G$, $\tau(z) = za$ for $z\in\mathbb{C}G$. We get $\tau\in\mathrm{End}_{\mathbb{C}G}(\mathbb{C}G)$ by the proof of Lemma 22.3.6. Since $S$ is a simple $\mathbb{C}G$-module, we may consider $S$ as a submodule of $\mathbb{C}G$, and for $0\ne s\in S\subseteq\mathbb{C}G$, we have $\tau(s) = sa = as = \lambda s$, since $a$ is a central element.

Therefore, $\lambda$ is an eigenvalue of $\tau$, and so $\det(\lambda I - A) = 0$, where $I$ is the identity matrix and $A$ the matrix of $\tau$ with respect to the $\mathbb{C}$-basis $G$ for $\mathbb{C}G$. Each entry of $A$ is either $0$ or $1$, which means that, in particular, $f(X) = \det(XI - A)$ is a monic polynomial in $X$ with integer coefficients. Since $f(\lambda) = 0$, we get that $\lambda$ is an algebraic integer.


Lemma 22.5.3. Let $\chi$ be an irreducible character of $G$. Then $\chi(1)$ divides $|G|$.


Proof. Let $g_1,g_2,\ldots,g_r$ be a set of representatives of the conjugacy classes of $G$. We know that

$$\frac{|G : C_G(g_i)|\,\chi(g_i)}{\chi(1)},\qquad i = 1,\ldots,r,$$

are algebraic integers. By the first orthogonality relation,

$$\sum_{i=1}^r |G : C_G(g_i)|\,\chi(g_i)\overline{\chi(g_i)} = \sum_{g\in G}\chi(g)\overline{\chi(g)} = |G|\,\langle\chi,\chi\rangle = |G|,$$

and therefore

$$\frac{|G|}{\chi(1)} = \sum_{i=1}^r\frac{|G : C_G(g_i)|\,\chi(g_i)}{\chi(1)}\,\overline{\chi(g_i)},$$

which is an algebraic integer, and hence an ordinary integer.
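Everything proved so far can be checked by hand on a small group. The following Python program is an added example and not part of the book: it builds $G = S_3$ as permutations of $\{0,1,2\}$, takes its three irreducible characters (the two linear characters, which are exactly the homomorphisms $S_3\to\mathbb{C}^*$, and the standard character obtained from the permutation character via Lemma 22.4.10), and then verifies the first and second orthogonality relations (Theorems 22.4.18 and 22.4.20), the multiplicity formula $\langle\chi_U,\chi_i\rangle = \dim\mathrm{Hom}_{\mathbb{C}G}(U,S_i)$ from Theorem 22.4.17 for the regular and the permutation module, and the integrality statements of Lemmas 22.5.2 and 22.5.3. All function names are the example's own; the only inputs are the group elements themselves.

```python
from fractions import Fraction
from itertools import permutations

# Constructed example: G = S_3 as the six permutations of {0, 1, 2};
# a permutation p is a tuple with p[i] the image of i.
G = list(permutations(range(3)))
IDENTITY = (0, 1, 2)

def compose(p, q):
    """(p*q)(i) = p(q(i))."""
    return tuple(p[q[i]] for i in range(3))

def inverse(p):
    inv = [0] * 3
    for i, pi in enumerate(p):
        inv[pi] = i
    return tuple(inv)

def sign(p):
    """Parity of p: (-1)^(number of inversions)."""
    return (-1) ** sum(1 for i in range(3) for j in range(i + 1, 3) if p[i] > p[j])

def fixed_points(p):
    """Trace of the permutation matrix of p, i.e. the number of i with p(i) = i."""
    return sum(1 for i in range(3) if p[i] == i)

# Characters as dicts g -> chi(g).  The linear characters (trivial, sign) are the
# homomorphisms S_3 -> C^*; the permutation module C^3 is trivial + standard, so
# chi_std = chi_perm - chi_trivial (Lemma 22.4.10); chi_reg is the regular character.
chi_trivial = {g: 1 for g in G}
chi_sign = {g: sign(g) for g in G}
chi_perm = {g: fixed_points(g) for g in G}
chi_std = {g: chi_perm[g] - 1 for g in G}
chi_reg = {g: (len(G) if g == IDENTITY else 0) for g in G}
IRREDUCIBLES = [chi_trivial, chi_sign, chi_std]

def inner(alpha, beta):
    """Definition 22.4.14; every value here is a real integer, so conjugation is trivial."""
    return Fraction(sum(alpha[g] * beta[g] for g in G), len(G))

def conjugacy_classes():
    """Classes {h g h^-1 : h in G}, each as a sorted list; its first entry is the representative."""
    seen, classes = set(), []
    for g in G:
        if g in seen:
            continue
        cls = {compose(compose(h, g), inverse(h)) for h in G}
        seen |= cls
        classes.append(sorted(cls))
    return classes

def is_class_function(chi):
    return all(len({chi[g] for g in cls}) == 1 for cls in conjugacy_classes())

def character_table():
    """Rows: irreducible characters; columns: class representatives g_1, ..., g_r."""
    reps = [cls[0] for cls in conjugacy_classes()]
    return [[chi[g] for g in reps] for chi in IRREDUCIBLES]

def first_orthogonality():
    """<chi_i, chi_j> = 1 if i == j else 0 (Theorem 22.4.18)."""
    return all(inner(a, b) == (1 if i == j else 0)
               for i, a in enumerate(IRREDUCIBLES) for j, b in enumerate(IRREDUCIBLES))

def second_orthogonality():
    """sum_s chi_s(g_i) chi_s(g_j) = |G| / k_i if i == j, else 0 (Theorem 22.4.20)."""
    classes = conjugacy_classes()
    for i, ci in enumerate(classes):
        for j, cj in enumerate(classes):
            total = sum(chi[ci[0]] * chi[cj[0]] for chi in IRREDUCIBLES)
            if total != (Fraction(len(G), len(ci)) if i == j else 0):
                return False
    return True

def multiplicities(chi):
    """<chi, chi_i> = dim Hom_CG(U, S_i) (Theorem 22.4.17): copies of S_i inside U."""
    return [inner(chi, irr) for irr in IRREDUCIBLES]

def central_character_values(chi):
    """|G : C_G(g_i)| chi(g_i) / chi(1) per class; Lemma 22.5.2 says these are algebraic integers."""
    return [Fraction(len(cls) * chi[cls[0]], chi[IDENTITY]) for cls in conjugacy_classes()]

def degree_divides_order(chi):
    """Lemma 22.5.3: chi(1) divides |G|."""
    return len(G) % chi[IDENTITY] == 0
```

Since every character value of $S_3$ is an integer, the inner product can be kept exact with `Fraction`; for a group with complex character values one would multiply by the complex conjugate instead. `multiplicities(chi_reg)` returns the degrees $(1,1,2)$, which is the statement that each $S_i$ occurs $\dim S_i$ times in $\mathbb{C}G$.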


Lemma 22.5.4. Let $\chi$ be a character of $G$, $g\in G$ and $\gamma = \frac{\chi(g)}{\chi(1)}$. If $\gamma$ is a nonzero algebraic integer, then $|\gamma| = 1$.


Proof. From Theorem 22.4.8, we know that $|\gamma|\le 1$.

Suppose that $0 < |\gamma| < 1$, and assume that $\gamma$ is an algebraic integer.

Now, $\gamma$ is an average of complex roots of unity. The same will be true for all $\sigma(\gamma)$ with $\sigma\in\mathrm{Aut}(K\mid\mathbb{Q}) =: H$, where $K$ is the splitting field of the minimal polynomial of $\gamma$ over $\mathbb{Q}$.

In particular, $|\sigma(\gamma)|\le 1$ for all $\sigma\in H$. Hence, $p := \big|\prod_{\sigma\in H}\sigma(\gamma)\big| < 1$.

On the other hand, $p\in\mathbb{Z}$ by Theorems 7.3.12 and 16.5.1 (recall that $\gamma$ is a zero of an irreducible, monic polynomial with integer coefficients, see Theorem 4.4.3).

This implies $p = 0$, and therefore the constant term of the minimal polynomial of $\gamma$ over $\mathbb{Q}$ must be zero, which gives a contradiction.

Hence, $\gamma$ cannot be an algebraic integer.


Theorem 22.5.5. If $G$ has a conjugacy class of nontrivial prime power order, then $G$ is not simple.


Proof. Suppose that $G$ is simple and that the conjugacy class of $1\ne g\in G$ has order $p^n$ with $p$ a prime number, and $n\in\mathbb{N}$. From the second orthogonality relation (applied to the classes of $1$ and of $g$), we get

$$0 = \frac{1}{p}\sum_{i=1}^r\chi_i(1)\chi_i(g) = \frac{1}{p} + \sum_{i=2}^r\frac{\chi_i(1)\chi_i(g)}{p},$$

where $\chi_1,\chi_2,\ldots,\chi_r$ are the irreducible characters of $G$ (recall that $\chi_1$ is the principal character).
Since $-\frac{1}{p}$ is not an algebraic integer, it follows that $\frac{\chi_i(1)\chi_i(g)}{p}$ is not an algebraic integer for some $2\le i\le r$. As $\chi_i(g)$ is an algebraic integer, this implies that $p\nmid\chi_i(1)$ and $\chi_i(g)\ne 0$.
Now $|G : C_G(g)| = p^n$ is relatively prime to $\chi_i(1)$.
Therefore,

$$a\,|G : C_G(g)| + b\,\chi_i(1) = 1$$

for some $a,b\in\mathbb{Z}$ (see Theorem 3.1.9).
Thus,

$$\frac{\chi_i(g)}{\chi_i(1)} = \frac{a\,|G : C_G(g)|\,\chi_i(g)}{\chi_i(1)} + b\,\chi_i(g),$$

which is an algebraic integer, and therefore $|\chi_i(g)| = \chi_i(1)$ by Lemma 22.5.4.
Consequently,

$$g\in Z_i := \{x\in G : |\chi_i(x)| = \chi_i(1)\}.$$


We show that $Z_i$ is a subgroup of $G$.


First of all, if $g\in Z_i$, then $g^{-1}\in Z_i$. From Theorem 22.4.8, we also get $|\chi_i(g)| = \chi_i(1)$ if and only if $g$ has exactly one eigenvalue. If $g\in Z_i$, let this eigenvalue be $\lambda(g)$, so that, if $U$ is the $\mathbb{C}G$-module corresponding to $\chi_i$, then we have $gu = \lambda(g)u$ for all $u\in U$. We now see that for $g,h\in Z_i$, we have $(gh)u = \lambda(g)\lambda(h)u$ for all $u\in U$. Hence, $\chi_i(gh) = \chi_i(1)\lambda(g)\lambda(h)$, and thus $|\chi_i(gh)| = \chi_i(1)$, which gives $gh\in Z_i$. Therefore, $Z_i$ is a subgroup of $G$.

Now, let $K_i = \{x\in G : \chi_i(x) = \chi_i(1)\}$. $K_i$ is a normal subgroup of $G$, and is contained in $Z_i$.

We now want to show that

$$Z_i/K_i = Z(G/K_i),$$

the center of $G/K_i$. If $\rho : G\to GL(U)$ is the representation corresponding to $\chi_i$, then for any $g\in Z_i$, the matrix of $\rho(g)$ (with respect to any $\mathbb{C}$-basis of $U$) will be scalar, and hence $\rho(g)\in Z(\rho(G))$. Since $\rho(G)\cong G/K_i$, it follows that $Z_i/K_i$ is a subgroup of $Z(G/K_i)$. Now, we apply that $\chi_i$ is irreducible. If $gK_i\in Z(G/K_i)$, then $\rho(g)$ commutes with $\rho(x)$ for every $x\in G$. Consequently, the map defined by $u\mapsto gu$, $u\in U$, is a $\mathbb{C}G$-endomorphism of $U$. But $U$ is simple, so we have $\mathrm{End}_{\mathbb{C}G}(U) = \mathbb{C}$ by Schur's lemma.

Therefore, there is a complex root of unity $\mu$ such that $gu = \mu u$ for all $u\in U$. We now have $|\chi_i(g)| = \chi_i(1)$, and hence $g\in Z_i$. Therefore, $Z_i/K_i = Z(G/K_i)$.

Consequently, if $G$ is non-Abelian and simple, then $Z_i = \{1\}$. But this gives a contradiction, since $1\ne g\in Z_i$.


Theorem 22.5.6 (Burnside's Theorem). If $|G| = p^a q^b$, where $p$ and $q$ are prime numbers and $a,b\in\mathbb{N}$, then $G$ is solvable.
Proof. We use induction on $a+b$. If $a+b = 1$, then $G$ has prime order, and hence is solvable. We now assume that $a+b\ge 2$, and that any group of order $p^r q^s$, $r,s\in\mathbb{N}$, is solvable whenever $r+s < a+b$.

First of all, if the center $Z(G)$ is nontrivial, then $G$ is solvable, because $Z(G)$ is solvable and $G/Z(G)$ is solvable by the inductive hypothesis.

Now, let $Z(G) = \{1\}$.

Then we may take $h_1 = 1$ for the conjugacy class of $1$.

By the class equation (see Theorem 13.2.2), we then have

$$p^a q^b = |G| = 1 + h_2 + h_3 + \cdots + h_r.$$

It follows that $pq$ cannot divide each of $h_2,h_3,\ldots,h_r$. Hence, $h_i$ is a prime power of either $p$ or $q$ for some $i\ge 2$. If $h_i$ is a nontrivial prime power, then from Theorem 22.5.5 it follows that $G$ is not simple.

If $h_i = 1$ for some $i\ge 2$, then $G$ has at least two representations into $\mathbb{C}$. The number of these representations is given by the Abelianization, which is given by $|G : G'|$, where $G'$ is the commutator subgroup of $G$. Then $|G : G'| > 1$, and since $G'$ is non-Abelian, $G'$ is a proper normal subgroup. Hence, $G$ is not simple. So, in any case, $G$ is not simple. Therefore, $G$ contains a proper normal subgroup $N$. Since $|N|$ divides $|G|$, we have $|N| = p^{a_1}q^{b_1}$ with $a_1 + b_1 < a+b$, since $N$ is a proper subgroup.

By the inductive hypothesis, $N$ is solvable. Furthermore, $|G/N|$ also divides $|G|$. So, for the same reason, $G/N$ is solvable. Therefore, both $N$ and $G/N$ are solvable, so $G$ is solvable by Theorem 12.1.3.


22.6 Exercises 


1. Let $K$ be a field, and let $G$ be a finite group. Let $U$ and $V$ be $KG$-modules having the same dimension $n$, and let $\rho : G\to GL(U)$ and $\tau : G\to GL(V)$ be the corresponding representations.

   By fixing $K$-bases for $U$ and $V$, consider $\rho$ and $\tau$ as homomorphisms from $G$ to $GL(n,K)$. Show that $U$ and $V$ are $KG$-module isomorphic if and only if there exists some $M\in GL(n,K)$ such that $\rho(g)M = M\tau(g)$ for every $g\in G$.

2. Let $K$ be a field, and let $G$ be a finite group. Let $x = \sum_{g\in G} g\in KG$.

   (i) Show that the subspace $Kx$ of $KG$ is the unique submodule of $KG$ that is isomorphic to the trivial module.

   (ii) Let $\epsilon : KG\to K$ be the $KG$-module epimorphism defined by $\epsilon(g) = 1$ for all $g\in G$. Show that $\ker(\epsilon)$ is the unique $KG$-submodule of $KG$ whose quotient is isomorphic to the trivial module. This kernel is called the augmentation ideal of $KG$.

   (iii) Suppose that $\mathrm{char}(K) = p$, with $p$ dividing $|G|$. Show that $Kx\subseteq\ker(\epsilon)$, the augmentation ideal of $KG$. Show that $\ker(\epsilon)$ is not a direct summand of $KG$, and hence that the $KG$-module $KG$ is not semisimple.

3. Show that the converse of Corollary 22.2.24 is true.

4. Let $U$ be a finite-dimensional $K$-vector space and let $G$ be a finite group with fully reducible representation $\rho : G\to GL(U)$. Show that $\rho$ gives a direct decomposition

   $$U = V_1\oplus\cdots\oplus V_k$$

   of $U$ with all $V_i$, $i = 1,\ldots,k$, irreducible $G$-invariant subspaces of $U$.

5. Show that $A$ is a simple $A$-module if and only if $A$ is a division algebra.

6. Let $n\in\mathbb{N}$, and let $T_n(K)$ be the algebra of upper triangular $n\times n$ matrices over $K$.

   (i) Show that the set $V_n(K)$ of column vectors of $K$ of length $n$ is a $T_n(K)$-module that has a unique composition series, in which every simple $T_n(K)$-module appears exactly once as a composition factor.

   (ii) Show that the $T_n(K)$-module $T_n(K)$ is isomorphic to the direct sum of all nonzero submodules of $V_n(K)$.

7. Let $U$ be an $A$-module, let $n\in\mathbb{N}$, and let $U^n$ be the set of column vectors of length $n$ with entries from $U$, considered in the obvious way as an $M(n,A)$-module. Show that $U$ is a simple $A$-module if and only if $U^n$ is a simple $M(n,A)$-module.

8. Let $\chi$ be an irreducible character of $G$. Let $\lambda$ be any $|G|$th root of unity. Show that the set $\{x\in G : \chi(x) = \lambda\chi(1)\}$ is a normal subgroup of $G$.

9. Prove that the set of algebraic integers forms a subring of $\mathbb{C}$.

10. Prove that if an algebraic integer is rational, then it is an ordinary integer.

11. Prove that $G$ is simple if and only if the only irreducible character $\chi_i$, for which $\chi_i(g) = \chi_i(1)$ for some $1\ne g\in G$, is the principal character $\chi_1$.


23 Algebraic Cryptography 


23.1 Basic Algebraic Cryptography 


23.1.1 Cryptosystems Tied to Abelian Groups 


Cryptography refers to the science of sending and receiving coded messages. Coding and hidden ciphering is an old endeavor used by governments and military, and between private individuals from ancient times. Recently, it has become even more prominent because of the necessity of sending secure and private information, such as credit card numbers and passwords, over essentially open communication systems.

Traditionally, cryptography deals with devising and implementing secret codes or cryptosystems. Cryptanalysis is the science of breaking cryptosystems, while cryptology refers to the whole field of cryptography plus cryptanalysis.

A cryptosystem or code is an algorithm to change a plain message, called the plaintext message, into a coded message, called the ciphertext message. In general, both the plaintext message (uncoded message) and the ciphertext message (coded message) are written in some $N$-letter alphabet which is usually the same for both plaintext and code. The method of coding, or the encoding algorithm, is then a transformation of the $N$ letters. The most common way to perform this transformation is to consider the $N$ letters as $N$ integers modulo $N$ and then apply a number theoretical function to them. Therefore, many encoding algorithms use modular arithmetic, and hence cryptography is tied to number theory and Abelian groups.

Modern cryptography is usually separated into classical cryptography, called symmetric key cryptography, and public key cryptography. In the former, both the encoding and decoding algorithms are supposedly known only to the sender and receiver, usually referred to as Bob and Alice. In the latter, the encryption method is public knowledge but only the receiver knows how to decode.

The message that one wants to send is written in plaintext and then converted into code. The coded message is written in ciphertext. The plaintext message and the ciphertext message are written in some alphabets that are usually the same. The process of putting the plaintext into code is called enciphering or encryption, while the reverse process is called deciphering or decryption.

Encryption algorithms break the plaintext and ciphertext message into message units. These are single letters or, more generally, $k$-vectors of letters. The transformations are done on these message units, and the encryption algorithm is a mapping from the set of plaintext message units to the set of ciphertext message units.

Putting this into a mathematical formulation, we let $P$ be the set of all plaintext message units and $C$ be the set of all ciphertext message units. The encryption algorithm is then the application of an injective map $f : P\to C$. The map $f$ is the encryption map. The left inverse map $g : C\to P$ is the decryption or deciphering map. The collection $\{P,C,f,g\}$ is called a basic cryptosystem.
We may place this in a more general context. We call this wider model a (general) cryptosystem, indexed by a set $K$, called the key space. Formally, a cryptosystem is a tuple $(P,C,K,\mathcal{E},\mathcal{D})$ where $P$ is the set of plaintext message units, called the plaintext space, $C$ is the set of ciphertext message units, called the ciphertext space, the elements $k\in K$ are called keys, and $\mathcal{E}$ is a set of injective maps $f_k : P\to C$ indexed by the key space. This is called the set of encryption maps. Hence, for each $k\in K$, there is an injective map $f_k : P\to C$. The set $\mathcal{D}$ consists of maps $g_k : C\to P$, also indexed by the key space. This is called the set of decryption maps.

The central property of a cryptosystem is that, for each $k\in K$, there exists a corresponding key $k'\in K$ and a decryption map $g_{k'} : C\to P$ such that $g_{k'}$ is the left inverse of $f_k$. In our previous language this means that for each $k\in K$ we have a basic cryptosystem $\{P,C,f_k,g_{k'}\}$ with $k$ the encryption key and $k'$ the decryption key.

Using this model, we can easily distinguish symmetric from asymmetric cryptosys- 
tems. In a symmetric key cryptosystem, if the encryption key k is given, it is easy to 
find the corresponding decryption key k’. In fact, most of the time we have k = k’. In 
an asymmetric or public key cryptosystem, even if the encryption key k is known, it is 
infeasible to find or to compute the corresponding decryption key k’. 

In the following, we describe some cryptosystems and start with the symmetric key 
cryptosystems. 


23.1.1.1 Permutation Cipher 
The simplest type of encryption algorithm is a permutation cipher. Here, the letters of 
the plaintext alphabet are permuted and the plaintext message is sent in the permuted 
letters. A very straightforward example of a permutation encryption algorithm is a shift 
algorithm. 

Here, we consider the plaintext alphabet as the integers $0,1,\ldots,N-1 \pmod N$. We choose a fixed integer $k$ and the encryption algorithm is

$$f(m) = (m+k) \pmod N.$$


This is often known as a Caesar code after Julius Caesar, who supposedly invented it. Any permutation encryption algorithm is very simple to attack using statistical analysis. Polyalphabetic ciphers are an attempt to thwart statistical attacks. One variation of the basic Caesar code is the following, where message units are $t$-vectors. It is actually a type of polyalphabetic cipher called a Vigenère code. In this code, message units are considered as $t$-vectors of integers modulo $N$ from an $N$-letter alphabet. Let $(b_1,\ldots,b_t)$ be a fixed $t$-vector in $\mathbb{Z}_N^t$. This Vigenère code then takes a message unit $(a_1,\ldots,a_t)$ to $(a_1+b_1,\ldots,a_t+b_t) \pmod N$. For a long period of time polyalphabetic ciphers were considered unbreakable. In 1920, the Friedman test was developed. Given a sequence of letters of length $m$ representing a Vigenère encrypted ciphertext, the Friedman test calculates the length $t$ of the key word $(b_1,\ldots,b_t)$, see for instance [66]. A statistical analysis then allows one to break the Vigenère code.
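The shift and Vigenère maps just described, together with the two statistical facts that the text's remarks rest on, as an added Python example that is not part of the book: a shift by $k$ moves every letter count of the plaintext to position $x+k$, so the frequency profile of a Caesar ciphertext is the plaintext profile rotated by $k$; and for a Vigenère key of length $t$, every $t$-th ciphertext letter is a plain Caesar cipher, so the index of coincidence of each such column equals that of the corresponding plaintext column. That invariance is what the key-length test exploits. The 26-letter alphabet, the sample sentence and the keywords are constructed for the example; `ioc_profile` is the example's own name for the per-length average.

```python
from collections import Counter
from fractions import Fraction

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
N = len(ALPHABET)  # the N-letter alphabet, identified with Z_N

def to_ints(text):
    """Map letters to residues 0..N-1; characters outside the alphabet are dropped."""
    return [ALPHABET.index(c) for c in text.upper() if c in ALPHABET]

def to_text(residues):
    return "".join(ALPHABET[x % N] for x in residues)

def caesar_encrypt(plaintext, k):
    """f(m) = m + k (mod N) applied to every message unit."""
    return to_text(m + k for m in to_ints(plaintext))

def caesar_decrypt(ciphertext, k):
    return to_text(c - k for c in to_ints(ciphertext))

def vigenere_encrypt(plaintext, keyword):
    """Message units are t-vectors: (a_1,...,a_t) -> (a_1+b_1,...,a_t+b_t) (mod N)."""
    b = to_ints(keyword)
    t = len(b)
    return to_text(a + b[i % t] for i, a in enumerate(to_ints(plaintext)))

def vigenere_decrypt(ciphertext, keyword):
    b = to_ints(keyword)
    t = len(b)
    return to_text(c - b[i % t] for i, c in enumerate(to_ints(ciphertext)))

def letter_histogram(text):
    """Counts of each residue 0..N-1 as a tuple of length N."""
    counts = Counter(to_ints(text))
    return tuple(counts.get(x, 0) for x in range(N))

def is_shift_of(hist_plain, hist_cipher, k):
    """True when the ciphertext profile is the plaintext profile rotated by k."""
    return all(hist_cipher[(x + k) % N] == hist_plain[x] for x in range(N))

def index_of_coincidence(text):
    """Probability that two letters drawn from the text coincide; unchanged by any shift."""
    xs = to_ints(text)
    n = len(xs)
    if n < 2:
        return Fraction(0)
    return Fraction(sum(c * (c - 1) for c in Counter(xs).values()), n * (n - 1))

def column(text, t, j):
    """Every t-th letter starting at position j: under a key of length t this is a Caesar cipher."""
    return to_text(to_ints(text)[j::t])

def ioc_profile(ciphertext, max_t):
    """Friedman-style key-length estimate: mean IoC over the t columns for each candidate t."""
    return {t: sum(index_of_coincidence(column(ciphertext, t, j)) for j in range(t)) / t
            for t in range(1, max_t + 1)}
```

The profile is computed with exact fractions so that the equality between plaintext and ciphertext columns can be checked exactly; in practice the candidate $t$ whose columns have the highest average index of coincidence is the key length the Friedman test reports.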
23.1.1.2 One-Time Pad

We now describe the one-time pad, which has perfect security. Here, let $P$ be the set of plaintext messages, $C$ the set of ciphertext messages, and $K$ the set of keys for a cryptosystem $\mathcal{E}$. Then $\mathcal{E}$ has perfect security if for any given plaintext message $P$ and corresponding ciphertext message $C$ we have that the conditional probability $\mathrm{Prob}(P\mid C)$ of determining the plaintext message $P$, given knowledge of the ciphertext message $C$, is exactly the same as the absolute probability $\mathrm{Prob}(P)$ of determining the plaintext $P$.


Definition 23.1.1. Suppose the sets $P$ of plaintext messages, $C$ of ciphertext messages and $K$ of keys are all given by elements of $\{0,1\}^n$. That is, plaintext messages, ciphertext messages and keys are all random bit strings of fixed length $n$. For a given $k\in K$ the encryption function is given by $F_k(p) = p\oplus k$ for $p\in P$. Here, $\oplus$ denotes the XOR operation on each pair of corresponding bits. This is simply the operation on bits $\{0,1\}$ given by addition modulo 2. We assume that the distribution on all three sets is the uniform distribution and a key $k$ is only used once. The resulting cryptosystem is called a one-time pad.


Shannon, see [98], proved that the one-time pad, under the assumptions provided 
in the definition, is perfectly secure, as long as the keys are randomly chosen and used 
only once. 


Theorem 23.1.2. A one-time pad has perfect security if the keys are randomly chosen from 
the uniform distribution of keys and a key is used only once. 
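The one-time pad of Definition 23.1.1 and the content of Theorem 23.1.2, as an added Python example that is not part of the book. Messages and keys are byte strings, so $n$ is a multiple of 8 and $\oplus$ is applied bytewise; `perfect_secrecy_table` makes Shannon's statement concrete for small $n$ by counting, for every pair $(p,c)$, the keys with $p\oplus k = c$: there is exactly one, so $\mathrm{Prob}(C = c\mid P = p) = 2^{-n}$ does not depend on $p$, and Bayes' rule gives $\mathrm{Prob}(P\mid C) = \mathrm{Prob}(P)$. The last function shows why the definition insists on a key being used once: with a reused key the two ciphertexts XOR to the XOR of the two plaintexts, and the key has dropped out. The key and message bytes are constructed values; the function names are the example's own.

```python
import secrets

def xor_bytes(x, y):
    """Bitwise XOR of two equal-length byte strings (addition modulo 2 on each bit)."""
    if len(x) != len(y):
        raise ValueError("one-time pad: message and key must have the same length")
    return bytes(a ^ b for a, b in zip(x, y))

def otp_keygen(n):
    """A fresh, uniformly random key of n bytes from the OS CSPRNG; it must never be reused."""
    return secrets.token_bytes(n)

def otp_encrypt(plaintext, key):
    """F_k(p) = p XOR k."""
    return xor_bytes(plaintext, key)

def otp_decrypt(ciphertext, key):
    """XOR is an involution, so the decryption map is the same map."""
    return xor_bytes(ciphertext, key)

def keys_sending(p, c, n_bits):
    """Number of keys k in {0,1}^n with p XOR k = c, for n-bit integers p and c."""
    return sum(1 for k in range(1 << n_bits) if p ^ k == c)

def perfect_secrecy_table(n_bits):
    """True when every (p, c) pair is produced by exactly one key.  With a uniform key
    Prob(C=c | P=p) = keys_sending(p, c) / 2^n is then 2^-n for every p, so the
    ciphertext carries no information about the plaintext: Prob(P | C) = Prob(P)."""
    size = 1 << n_bits
    return all(keys_sending(p, c, n_bits) == 1 for p in range(size) for c in range(size))

def two_time_pad_leak(c1, c2):
    """If one key k encrypts p1 and p2, then c1 XOR c2 = (p1 XOR k) XOR (p2 XOR k) = p1 XOR p2:
    the key cancels and the relation between the plaintexts is exposed."""
    return xor_bytes(c1, c2)
```

Exhaustive counting is only feasible for a handful of bits, but the argument is independent of $n$: the map $k\mapsto p\oplus k$ is a bijection of $\{0,1\}^n$ for every fixed $p$.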


Although the one-time pad is theoretically secure, there are many problems with its practical use because of the assumptions described above. For these reasons the one-time pad, while important theoretically, is not used to a great extent in encryption. However, a stream cipher is a method to attempt to mimic the important properties of the one-time pad. A stream cipher is a symmetric key cipher where plaintext characters are combined with a pseudo-random key generator called a key stream. In a stream cipher the plaintext characters are encrypted one at a time and the encryption of successive characters varies during the encryption.

Stream ciphers require sequences of pseudo-random digits. These are sequences that behave as if they are random. Here we will discuss a procedure to generate pseudo-random sequences and hence stream cipher key generation. First we need the concept of a linear congruence generator. For a given natural number $n$ we denote by $\mathbb{Z}_n$ the ring of integers modulo $n$. Elements of $\mathbb{Z}_n$ are residue classes of integers modulo $n$. If $a$ is an integer, we will denote the corresponding residue class in $\mathbb{Z}_n$ by $\bar a$.


Definition 23.1.3. Let $n\in\mathbb{N}$ and $\bar a,\bar b\in\mathbb{Z}_n$. A bijective map $f : \mathbb{Z}_n\to\mathbb{Z}_n$ given by $\bar x\mapsto\bar a\bar x+\bar b$ is called a linear congruence generator.


Notice that the map $\bar x \mapsto \bar a \bar x + \bar b$ is bijective if and only if $\gcd(a, n) = 1$. If we choose a large modulus $n$, linear congruence generators can be used to generate pseudo-random integers. In using a linear congruence generator $f: \bar x \mapsto \bar a \bar x + \bar b$ the integers $a, b$ should be chosen such that the function $f$ has no fixed point in $\mathbb{Z}_n$. Then $\bar b \neq \bar 0$, for otherwise $\bar 0$ is a fixed point. Hence, let $\bar b \neq \bar 0$. If $\bar a = \bar 1$, then $f$ has no fixed point, but then the function is just a linear shift, which is insecure. Therefore, let $\bar a \neq \bar 1$. Then $f$ has a fixed point in $\mathbb{Z}_n$ if $\gcd(a - 1, n) = 1$, because then there exists a $d \in \mathbb{Z}$ with $\overline{d(a-1)} = \bar 1$, and then $\bar x = -\overline{db}$ is a fixed point in $\mathbb{Z}_n$. Therefore, altogether for a linear congruence generator we should choose $a$ and $b$ such that $\gcd(a - 1, n) > 1$, $\bar a \neq \bar 1$, and $\bar b \neq \bar 0$.

Using the idea of a linear congruence generator, we now give a procedure for the generation of a stream cipher.

1. Choose a seed $s \in \mathbb{Z}_n$ by key agreement or as a random number.

2. Let $n \in \mathbb{N}$, $\bar a, \bar b \in \mathbb{Z}_n$ and $f: \mathbb{Z}_n \to \mathbb{Z}_n$, $\bar x \mapsto \bar a \bar x + \bar b$ be a linear congruence generator. Define the sequence $x_0 = s$, $x_1 = f(x_0) \pmod n$, $x_2 = f(x_1) \pmod n, \ldots$.

3. Transform the sequence of plaintext units into a sequence of residue classes $m_0, m_1, \ldots$ in $\mathbb{Z}_n$.

4. Encrypt the $m_i$ into $c_i = m_i + x_i \in \mathbb{Z}_n$. The secret key is $s \in \mathbb{Z}_n$.


We give the following remarks.

1. The integer $n$ should be very large and the residue classes should occur with the same probability. Further the function $f$ should not have a fixed point. To accomplish this we must choose $f$ and $s \in \mathbb{Z}_n$ such that the period length of $x_0, x_1, \ldots$ is as large as possible. Best would be the maximal length $n$.

2. If we know sufficiently many plaintext units which follow each other and we know the linear congruence generator used, then we may calculate $s$.
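As an added illustration, not code from the book, the four steps of the procedure and Remark 2 in Python: the linear congruence generator supplies the key stream, encryption is addition in $\mathbb{Z}_n$, and because $x_0 = s$, a single known plaintext unit at position 0 already gives back the seed. The modulus $n = 256$, the parameters $a = 5$, $b = 3$ and the sample plaintext units are constructed values chosen for the example.

```python
# Added example, not the book's code: the stream cipher of steps 1-4 with a
# linear congruence generator, and the known-plaintext seed recovery of
# Remark 2.  n = 256, a = 5, b = 3 and the plaintext units are constructed.

def lcg_keystream(n, a, b, seed, length):
    """x_0 = seed, x_{i+1} = a*x_i + b mod n; returns x_0 .. x_{length-1}."""
    xs, x = [], seed % n
    for _ in range(length):
        xs.append(x)
        x = (a * x + b) % n
    return xs

def has_fixed_point(n, a, b):
    """Exhaustive test whether x -> a*x + b has a fixed point in Z_n."""
    return any((a * x + b) % n == x for x in range(n))

def encrypt(plain_units, n, a, b, seed):
    """Step 4: c_i = m_i + x_i in Z_n."""
    ks = lcg_keystream(n, a, b, seed, len(plain_units))
    return [(m + x) % n for m, x in zip(plain_units, ks)]

def decrypt(cipher_units, n, a, b, seed):
    ks = lcg_keystream(n, a, b, seed, len(cipher_units))
    return [(c - x) % n for c, x in zip(cipher_units, ks)]

def recover_seed(cipher_units, plain_units, n):
    """Remark 2: the key stream is c_i - m_i, and x_0 is the secret seed s."""
    return (cipher_units[0] - plain_units[0]) % n

if __name__ == "__main__":
    n, a, b, seed = 256, 5, 3, 77
    message = [12, 15, 21, 9, 19, 1]          # constructed: "LOUISA" with A = 1
    assert not has_fixed_point(n, a, b)       # gcd(a - 1, n) = 4 > 1 and b != 0
    c = encrypt(message, n, a, b, seed)
    print(c, decrypt(c, n, a, b, seed), recover_seed(c, message, n))
```

The parameters satisfy the conditions derived above ($\gcd(a-1, n) = 4 > 1$, $\bar a \neq \bar 1$, $\bar b \neq \bar 0$), so `has_fixed_point` returns false; the last function shows why the seed must stay secret and why a key stream must never be reused against known plaintext.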


Theorem 23.1.4 (Maximal period length for $n \geq 2$). Let $n \in \mathbb{N}$ with $n = 2^m$, $m \geq 1$, and let $a, b \in \mathbb{Z}$ such that $f: \mathbb{Z}_n \to \mathbb{Z}_n$, $\bar x \mapsto \bar a \bar x + \bar b$ is a linear congruence generator. Further let $s \in \{0, 1, \ldots, n-1\}$ be given, $x_0 = \bar s$, $x_1 = f(x_0), \ldots$. Then the sequence $x_0, x_1, \ldots$ is periodic with the maximal period length $n = 2^m$ if and only if the following holds:

(1) $a$ is odd.

(2) If $m \geq 2$ then $a \equiv 1 \pmod 4$.

(3) $b$ is odd.


Proof. We show that (1), (2), and (3) hold if the period length is maximal. First we must have $\gcd(a, n) = 1$ since $f$ is a linear congruence generator. Further $f$ has no fixed point because the period length is maximal. We show that $a \equiv 3 \pmod 4$ is not possible if $m \geq 2$. Suppose that $a \equiv 3 \pmod 4$ and $m \geq 2$. Then $a + 1 \equiv 0 \pmod 4$ and it follows that

\[
(1 + a + a^2 + \cdots + a^{2k-1}) = (1 + a^2 + a^4 + \cdots + a^{2k-2})(1 + a) \equiv 0 \pmod 4. \qquad (*)
\]

We now consider

\[
x_{i+1} - x_i = f(x_i) - f(x_{i-1}) = (a x_i + b) - (a x_{i-1} + b) = a(x_i - x_{i-1})
\]

for $i \geq 1$. It then follows recursively that

\[
\begin{aligned}
x_k - x_0 &= (x_k - x_{k-1}) + (x_{k-1} - x_{k-2}) + \cdots + (x_1 - x_0) \\
&= a^{k-1}(x_1 - x_0) + a^{k-2}(x_1 - x_0) + \cdots + (x_1 - x_0) \\
&= (x_1 - x_0)(1 + a + a^2 + \cdots + a^{k-1})
\end{aligned}
\]

for $k \geq 1$. Therefore

\[
x_{2k} \equiv x_0 \pmod 4 \quad \text{and} \quad x_{2k+1} \equiv x_1 \pmod 4
\]

from relation $(*)$ above.

Hence half of the elements in the sequence have the same residue class as $x_0$ modulo 4 and the other half the same as $x_1$ modulo 4, which gives a contradiction to the maximality of the period length. Therefore $a \equiv 1 \pmod 4$ if $m \geq 2$. To show (3) notice that in a sequence with maximal period length the residue class $\bar 0$ must occur.

Hence, without loss of generality, we may assume that $x_0 = \bar 0$. Then $x_1 = \bar b$ and recursively we have

\[
x_k = \overline{(1 + a + \cdots + a^{k-1})\, b}
\]

for $k \geq 1$ since $x_0 = \bar 0$ and $x_1 = \bar b$. All elements in the sequence are multiples of $\bar b$. There is an $x_i = \bar 1$ and therefore $\bar b$ is invertible in $\mathbb{Z}_n$ and hence $b$ is odd.

Now, assume that (1), (2), and (3) are satisfied. The theorem follows directly if $n = 2$ since then if $x_0 = \bar 0$ we have $x_1 = \bar 1$ and if $x_0 = \bar 1$ we have $x_1 = \bar 0$. Now suppose that $m \geq 2$, so that $n \geq 4$. We show that we may obtain the maximal length $n = 2^m$ for $x_0 = \bar 0$, which proves the theorem.

Let $x_0 = \bar 0$. Then as before we obtain recursively $x_k = \overline{(1 + a + \cdots + a^{k-1})\, b}$ for $k \geq 1$. Since $b$ is odd we have $x_k = \bar 0$ if and only if $\overline{1 + a + \cdots + a^{k-1}} = \bar 0$ in $\mathbb{Z}_n$.

We write $k = 2^r t$ with $r \geq 0$ and $t$ odd. Then

\[
1 + a + \cdots + a^{k-1} = (1 + a + \cdots + a^{2^r - 1})\bigl(1 + a^{2^r} + (a^{2^r})^2 + \cdots + (a^{2^r})^{t-1}\bigr).
\]

The second factor is congruent to 1 modulo 2 and hence $2^m \mid (1 + a + \cdots + a^{k-1})$ if and only if $2^m \mid (1 + a + \cdots + a^{2^r - 1})$. The integer $1 + a + \cdots + a^{2^r - 1}$ is divisible by $2^r$ since it is the sum of $2^r$ odd numbers, but not divisible by $2^{r+1}$. It follows that $r \geq m$ if and only if $2^m \mid k$. Therefore $x_k = \bar 0$ occurs for $k \geq 1$ for the first time when $k = n = 2^m$.
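An added exhaustive check of Theorem 23.1.4, not code from the book: for $n = 2^m$ every unit $a$ and every $b$ are tried, and the period of the sequence started at $x_0 = \bar 0$ (which by the proof decides maximality) is compared with conditions (1) to (3). Function names are the example's own.

```python
# Added example, not the book's code: exhaustive check of Theorem 23.1.4.
# For n = 2^m every unit a and every b are tried; the period of the sequence
# started at x_0 = 0 is maximal exactly when conditions (1)-(3) hold.

from math import gcd

def period_length(n, a, b, seed=0):
    """Length of the cycle through seed of x -> a*x + b on Z_n.  Requires
    gcd(a, n) = 1, so the map is a bijection and the sequence is purely
    periodic; the first return to the seed is then the period."""
    if gcd(a, n) != 1:
        raise ValueError("a must be a unit modulo n")
    seed %= n
    x, k = (a * seed + b) % n, 1
    while x != seed:
        x, k = (a * x + b) % n, k + 1
    return k

def theorem_conditions(m, a, b):
    """(1) a odd, (2) a = 1 (mod 4) when m >= 2, (3) b odd."""
    return a % 2 == 1 and (m < 2 or a % 4 == 1) and b % 2 == 1

def check_theorem(m):
    """True iff for n = 2^m the period is n exactly when the conditions hold."""
    n = 2 ** m
    for a in range(n):
        if gcd(a, n) != 1:        # x -> a*x + b is then not a bijection
            continue
        for b in range(n):
            if (period_length(n, a, b) == n) != theorem_conditions(m, a, b):
                return False
    return True

if __name__ == "__main__":
    print([check_theorem(m) for m in range(1, 7)])
```

Note that for $n = 2^m$ condition (2) together with (3) is what the choice in Remark 1 requires: $\gcd(a-1, n) > 1$ and $\bar b \neq \bar 0$ are implied, and the sequence visits every residue class exactly once per period.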


We now describe some of the current public key cryptosystems. We start with the RSA cryptosystem named after R. Rivest, A. Shamir, and L. Adleman.

23.1.1.3 RSA Cryptosystem

Alice chooses two distinct primes $p$ and $q$ and computes the product $n = pq$; $n$ must be chosen large enough. For the Euler $\varphi$-function we have

\[
\varphi(n) = |\{a \in \mathbb{N} \mid 1 \leq a \leq n \text{ and } \gcd(a, n) = 1\}| = pq - p - q + 1 = (p-1)(q-1).
\]


Now Alice computes two numbers $e, s \geq 3$ such that $es \equiv 1 \pmod{\varphi(n)}$. The number $s$ should be large; otherwise, the private key $(n, s)$ is insecure due to an attack by Wiener, see [104]. Assume that the plaintext message is given by an integer $x \in \{0, 1, \ldots, n-1\}$. The public key is the pair $(n, e)$, and the encryption is done by $x \mapsto x^e \pmod n$. Alice decrypts by $y \mapsto y^s \pmod n$.

Now, let $y \equiv x^e \pmod n$. If $es = 1 + (p-1)k$, then

\[
y^s \equiv x^{es} = x \cdot (x^{p-1})^k \equiv x \cdot \begin{cases} 0 & \text{if } p \mid x \\ 1 & \text{otherwise} \end{cases} \equiv x \pmod p
\]

by Fermat's Little Theorem.

Analogously, $y^s \equiv x \pmod q$. In other words, both $p$ and $q$ divide $y^s - x$. Since $p$ and $q$ are coprime, $n = pq$ divides $y^s - x$, and hence we have $y^s \equiv x \pmod n$. Especially, $x = y^s \pmod n$ if $x \in \{0, 1, \ldots, n-1\}$. Thus, every encrypted message is decrypted correctly.
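An added example, not the book's code, of the scheme just described: key generation from two primes, encryption $x \mapsto x^e$, decryption $y \mapsto y^s$, an exhaustive check of $y^s \equiv x \pmod n$ over all of $\mathbb{Z}_n$ for a toy modulus (so the cases $p \mid x$ and $q \mid x$ are covered too), and a guard for the small private exponent the text warns about. The primes $61, 53$ and the exponent $17$ are constructed toy values; the bound $s < n^{1/4}/3$ in the guard is the classical Wiener bound and is an assumption of the example, not a figure from this page.

```python
# Added example, not the book's code: textbook RSA as described above,
# with an exhaustive check of the decryption argument on a toy modulus and
# a guard for a small private exponent s.  p = 61, q = 53, e = 17 are
# constructed toy values; the guard's bound s < n^(1/4)/3 is the classical
# Wiener bound (an assumption here; the text only says s "should be large").

from math import gcd, isqrt

def rsa_keygen(p, q, e):
    """Public key (n, e), private key (n, s) with e*s = 1 (mod phi(n))."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    s = pow(e, -1, phi)                     # modular inverse (Python >= 3.8)
    return (n, e), (n, s)

def private_exponent_is_small(n, s):
    """True when 3*s < floor(n^(1/4)), i.e. s lies in Wiener's range."""
    return 3 * s < isqrt(isqrt(n))

def encrypt(pub, x):
    n, e = pub
    if not 0 <= x < n:
        raise ValueError("plaintext must lie in {0, ..., n-1}")
    return pow(x, e, n)                     # x -> x^e (mod n)

def decrypt(priv, y):
    n, s = priv
    return pow(y, s, n)                     # y -> y^s (mod n)

def decrypts_all_messages(p, q, e):
    """y^s = x (mod n) for every x in Z_n, including x divisible by p or q."""
    pub, priv = rsa_keygen(p, q, e)
    return all(decrypt(priv, encrypt(pub, x)) == x for x in range(pub[0]))

if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)
    y = encrypt(pub, 65)
    print(pub, priv, y, decrypt(priv, y), decrypts_all_messages(61, 53, 17))
    print(private_exponent_is_small(*priv))
```

With a modulus this small, the exhaustive loop is the direct counterpart of the argument above; for realistic sizes one relies on the argument itself and on the guard, which a key generator should apply before accepting $(n, s)$.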

The security certificate of the RSA cryptosystem is based on the assumption that the factorization into prime factors is difficult for large numbers. It is not really known how difficult the factorization problem really is. It is possible that there exists an easy solution to the factorization problem that is not yet known. At the present time we can say that the factorization problem is in the complexity class NP.

Recall that a mathematical problem belongs to NP if there exists a polynomial time algorithm which can check whether a proposed solution is correct or not. The factorization problem for an integer $n > 1$ is in NP because it can be checked with the division algorithm if a proposed divisor is or is not a divisor of $n$. If the input value is $n$ then we have to make $O(2^n)$ tests. We now discuss the ElGamal encryption.


23.1.1.4 ElGamal Encryption 

The basic scheme for an ElGamal encryption system is the following. Each user chooses a common large prime $p$ and a generator $g$ for the cyclic group $\mathbb{Z}_p^* = \mathbb{Z}_p \setminus \{\bar 0\}$, the unit group within $\mathbb{Z}_p$. Given a large prime $p$ there is a fixed efficiently invertible procedure to encrypt plaintext into residue classes within $\mathbb{Z}_p^*$. For each message transmission the user's public key is $(p, g, A)$ where $A = g^a$ for some integer $a$.

The encryption works as follows. Suppose that Bob wants to send a message to Alice. Alice's public key is $(p, g, A)$ as above. The message is $m$, and as above, is encrypted in some workable efficient manner within $\mathbb{Z}_p^*$, that is, the message is encrypted in a manner known to all users as an integer in $\{0, 1, \ldots, p-1\}$. Bob now randomly chooses an integer $b$ and computes $B = g^b$. He now sends to Alice $(B, mC)$ where $C = g^{ab}$. To decrypt, Alice first uses $B$ to determine the common shared key $C$. Since $B = g^b$, and she knows her private exponent $a$ with $A = g^a$, she knows $C = B^a = g^{ab}$ and the modulus $p$. Hence, she can compute the inverse $g^{-ab}$ to obtain the message $m$.

The security certificate of the ElGamal cryptosystem is based on the difficulty of the Computational Diffie-Hellman problem (CDH) for $\mathbb{Z}_p^*$: given a prime $p$, a generator $g$ of $\mathbb{Z}_p^*$, $g^a$ modulo $p$ and $g^b$ modulo $p$, determine $g^{ab}$ modulo $p$. Certainly, the CDH can be formulated for each cyclic group $G = \langle g \rangle$: the CDH is the problem to find $g^{ab}$ for two elements $g^a$ and $g^b$. At present, the only known solution of CDH is to solve the discrete logarithm problem (DLP): for $G = \langle g \rangle$ being a cyclic group and $h \in G$, find $a \in \mathbb{Z}$ such that $h = g^a$.

The DLP appears to be very hard for large orders $|G|$ of $G$. Solving the DLP for $\mathbb{Z}_p^*$ breaks the ElGamal cryptosystem, as does solving the CDH. It is not known whether the CDH can be solved without solving the DLP. The ElGamal encryption becomes the basis for elliptic curve cryptography which we discuss briefly.
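An added example, not from the book, of the ElGamal scheme above in $\mathbb{Z}_p^*$: a test that $g$ really generates $\mathbb{Z}_p^*$ (via the prime factors of $p - 1$), key generation, encryption with a fresh random $b$ per message, and decryption by multiplying with $g^{-ab}$. The prime $p = 23$ with generator $g = 5$ is a constructed toy choice; a message is assumed to be already encoded as an integer in $\{1, \ldots, p-1\}$, since $\bar 0$ is not a unit.

```python
# Added example, not the book's code: ElGamal encryption in Z_p^*.
# p = 23 and g = 5 are constructed toy parameters (5 generates Z_23^*,
# which is_generator verifies from the prime factors 2 and 11 of p - 1);
# a message is assumed already encoded as an integer in {1, ..., p-1}.

import secrets

def is_generator(g, p, prime_factors_of_p_minus_1):
    """g generates Z_p^* iff g^((p-1)/q) != 1 for every prime q dividing p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors_of_p_minus_1)

def keygen(p, g, a=None):
    """Public key (p, g, A) with A = g^a; private key a."""
    if a is None:
        a = 1 + secrets.randbelow(p - 2)      # 1 <= a <= p-2
    return (p, g, pow(g, a, p)), a

def encrypt(pub, m, b=None):
    """Bob: fresh random b, B = g^b, send (B, m*C) with C = A^b = g^(ab)."""
    p, g, A = pub
    if not 1 <= m <= p - 1:
        raise ValueError("message must be a unit modulo p")
    if b is None:
        b = 1 + secrets.randbelow(p - 2)      # must be fresh for every message
    B = pow(g, b, p)
    C = pow(A, b, p)
    return B, (m * C) % p

def decrypt(pub, a, ciphertext):
    """Alice: C = B^a = g^(ab), then m = (m*C) * g^(-ab)."""
    p, g, A = pub
    B, mC = ciphertext
    if not 1 <= B <= p - 1:                   # reject B outside Z_p^*
        raise ValueError("invalid ciphertext component B")
    C = pow(B, a, p)
    return (mC * pow(C, -1, p)) % p

if __name__ == "__main__":
    assert is_generator(5, 23, [2, 11])
    pub, a = keygen(23, 5, a=6)
    c = encrypt(pub, 7, b=3)
    print(pub, c, decrypt(pub, a, c))
```

The check on $B$ in `decrypt` matters in practice: the derivation above assumes $B \in \mathbb{Z}_p^*$, and a receiver that skips the check silently computes with values the scheme never defined.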


23.1.1.5 Elliptic Curve Cryptography 

A very powerful approach which has wide ranging applications in cryptography is to use elliptic curves. If $K$ is a finite field of characteristic not equal to 2 or 3 then an elliptic curve over $K$ (in Weierstrass form) is the locus of points $(x, y) \in K \times K$ satisfying the equation $y^2 = x^3 + ax + b$ with $4a^3 + 27b^2 \neq 0$. We denote by $\mathcal{O}$ a single point at infinity and let

\[
E(K) = \{(x, y) \in K \times K : y^2 = x^3 + ax + b\} \cup \{\mathcal{O}\}.
\]

The important thing about elliptic curves from the viewpoint of cryptography is that a group structure can be placed on $E(K)$. In particular, we define the operation $+$ on $E(K)$ by:

1. $\mathcal{O} + P = P$ for any point $P \in E(K)$.

2. If $P = (x, y)$, then $-P = (x, -y)$ and $-\mathcal{O} = \mathcal{O}$.

3. $P + (-P) = \mathcal{O}$ for any point $P \in E(K)$.

4. If $P_1 = (x_1, y_1)$ and $P_2 = (x_2, y_2)$ such that $P_1 \neq -P_2$, then $P_1 + P_2 = (x_3, y_3)$ with $x_3 = m^2 - (x_1 + x_2)$ and $y_3 = -m(x_3 - x_1) - y_1$, where $m = \frac{y_2 - y_1}{x_2 - x_1}$ if $x_1 \neq x_2$ and $m = \frac{3x_1^2 + a}{2y_1}$ if $x_1 = x_2$.
This operation has a very nice geometric interpretation if $K = \mathbb{R}$. It is known as the chord and tangent method. If $P_1 \neq P_2$ are two points on the curve then the line through $P_1$ and $P_2$ intersects the curve at another point $P_3$. If we reflect $P_3$ through the $x$-axis we get $P_1 + P_2$. If $P_1 = P_2$ we take the tangent line at $P_1$. With this operation $E(K)$ becomes an Abelian group. A very detailed proof can be found in [6]. The structure of the group can be worked out.


Theorem 23.1.5. If $K$ is a finite field of order $p^k$ then the group $E(K)$ is either cyclic or is isomorphic to $\mathbb{Z}_{m_1} \times \mathbb{Z}_{m_2}$ with $m_1 \mid m_2$ and $m_1 \mid (p^k - 1)$.


A proof of this result is given in [60]. 

We now consider the case $K = \mathbb{Z}_p$, $p \geq 5$, and write $a$ and $b$ instead of $\bar a$ and $\bar b$ in $\mathbb{Z}_p$ for the residue classes. Let $f(x) = x^3 + ax + b$. We have $p$ elements $x$ in $\mathbb{Z}_p$. If $f(x) = 0$, then we have exactly one point $(x, 0)$ in $E(\mathbb{Z}_p)$. If $f(x)$ is a nontrivial square in $\mathbb{Z}_p$, especially $f(x)^{\frac{p-1}{2}} = 1$, then for $x$ there are two points $(x, y)$ and $(x, -y)$ in $E(\mathbb{Z}_p)$. If $f(x)$ is not a square in $\mathbb{Z}_p$, then for $x$ there is no point in $E(\mathbb{Z}_p)$. Finally we have to add 1 for the element $\mathcal{O}$. Hence, $|E(\mathbb{Z}_p)| = 1 + s + 2t$ where $s$ is the number of $x$ with $f(x) = 0$ and $t$ is the number of $x$ for which $f(x)$ is a nontrivial square in $\mathbb{Z}_p$.

We now give a version of Hasse's Theorem for $\mathbb{Z}_p$, $p \geq 5$.

Theorem 23.1.6 (Hasse's Theorem). Let $I = [p + 1 - 2\sqrt{p},\; p + 1 + 2\sqrt{p}] \cap \mathbb{N}$. Then there exists for each $k \in I$ at least one elliptic curve with $|E(\mathbb{Z}_p)| = k$.


A proof is given in the book [61]. 

In [66] there are described efficient probabilistic algorithms to calculate points on $E(\mathbb{Z}_p) \setminus \{\mathcal{O}\}$ and to construct an injective, efficiently invertible map $M \to E(\mathbb{Z}_p) \setminus \{\mathcal{O}\}$, $p \geq 5$ prime, where $M$ is the set of plain text units. Using these, we may describe the elliptic curve public key system for $E(\mathbb{Z}_p)$ as follows:

(1) Choose a large prime $p \geq 5$ and $a, b \in \mathbb{Z}_p$ such that $y^2 = x^3 + ax + b$ is an elliptic curve.

(2) Choose an injective efficiently invertible (on the image) map $\rho: M \to E(\mathbb{Z}_p) \setminus \{\mathcal{O}\}$, where $M$ is the set of plain text units.

(3) Choose a point $P \in E(\mathbb{Z}_p) \setminus \{\mathcal{O}\}$.

(4) Choose a secret integer $d \in \mathbb{Z}$ and calculate $dP \in E(\mathbb{Z}_p)$.

The public key is $(P, dP)$ and the elliptic curve itself. The secret key is $d$.

For encryption, let $m \in M$ be a plain text message unit. Calculate $Q = \rho(m)$. Choose a random integer $k$ and define $c = (kP, Q + k(dP)) \in C$, where $C$ is the set of cipher text units. This is the encrypted message unit.

For decryption, let $c = (c_1, c_2) \in C$ be a ciphertext unit. Calculate $Q = c_2 - dc_1$ and $m = \rho^{-1}(Q)$, the preimage of $Q$. Recall that $Q \in E(\mathbb{Z}_p) \setminus \{\mathcal{O}\}$ if $Q = \rho(m)$ and $(c_1, c_2) = (kP, Q + k(dP))$. The elliptic curve public key cryptosystem provides a valid cryptosystem: if $(c_1, c_2) = (kP, Q + k(dP))$, then $c_2 - dc_1 = Q = \rho(m)$. The security certificate of the elliptic curve public key cryptosystem is also based on the difficulty of the Computational Diffie-Hellman problem for $E(\mathbb{Z}_p)$. For this, care should be taken that the discrete logarithm problem in $E(\mathbb{Z}_p)$ is difficult. Elliptic curve public key cryptosystems are at present the most important commutative alternatives to the use of the RSA algorithm. There are several reasons for that. They are more efficient in many cases than RSA and keys in elliptic curve systems are much smaller than keys in RSA.
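An added example, not the book's code, serving both the point count $|E(\mathbb{Z}_p)| = 1 + s + 2t$ discussed after Theorem 23.1.5 and the public key system just described: the group law of rules 1 to 4 over $\mathbb{Z}_p$, scalar multiplication, point counting by Euler's criterion with a check against the Hasse interval, and encryption and decryption with $(P, dP)$. The curve $y^2 = x^3 + 2x + 2$ over $\mathbb{Z}_{17}$, the base point $P = (5, 1)$, the exponents and the plain-text map $\rho$ (which here simply sends $m$ to the $m$-th affine point in a fixed enumeration) are constructed toy choices.

```python
# Added example, not the book's code: the group law on E(Z_p) (rules 1-4
# above), point counting by |E(Z_p)| = 1 + s + 2t, a Hasse-bound check,
# and the elliptic curve public key system of this section.
# The curve y^2 = x^3 + 2x + 2 over Z_17, the base point P = (5, 1) and the
# plain-text map rho (m -> the m-th affine point in a fixed enumeration)
# are constructed toy choices, assumed here for illustration only.

O = None  # the point at infinity

def is_elliptic(p, a, b):
    """Nonsingular Weierstrass curve over Z_p, p >= 5: 4a^3 + 27b^2 != 0."""
    return p >= 5 and (4 * a ** 3 + 27 * b ** 2) % p != 0

def negate(p, P):
    return O if P is O else (P[0], (-P[1]) % p)

def add(p, a, P, Q):
    """P + Q following rules 1-4 of the text (a is the curve coefficient)."""
    if P is O:
        return Q
    if Q is O:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:               # Q = -P, rule 3
        return O
    if x1 != x2:
        m = (y2 - y1) * pow(x2 - x1, -1, p) % p        # chord
    else:
        m = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p # tangent (P = Q)
    x3 = (m * m - x1 - x2) % p
    y3 = (-m * (x3 - x1) - y1) % p
    return (x3, y3)

def scalar_mult(p, a, k, P):
    """k*P by double-and-add; negative k uses -P."""
    if k < 0:
        k, P = -k, negate(p, P)
    R = O
    while k:
        if k & 1:
            R = add(p, a, R, P)
        P = add(p, a, P, P)
        k >>= 1
    return R

def affine_points(p, a, b):
    """All (x, y) in Z_p x Z_p on the curve, ordered by x then y."""
    return [(x, y) for x in range(p) for y in range(p)
            if (y * y - x ** 3 - a * x - b) % p == 0]

def count_points(p, a, b):
    """|E(Z_p)| = 1 + s + 2t: s zeros of f(x) = x^3 + ax + b, t values of x
    with f(x) a nontrivial square (Euler's criterion f(x)^((p-1)/2) = 1)."""
    s = t = 0
    for x in range(p):
        fx = (x ** 3 + a * x + b) % p
        if fx == 0:
            s += 1
        elif pow(fx, (p - 1) // 2, p) == 1:
            t += 1
    return 1 + s + 2 * t

def hasse_bound_holds(p, a, b):
    """|E(Z_p)| lies in [p + 1 - 2 sqrt(p), p + 1 + 2 sqrt(p)]."""
    return (p + 1 - count_points(p, a, b)) ** 2 <= 4 * p

# The public key system: rho(m) = m-th affine point (constructed embedding).
def ec_keygen(p, a, P, d):
    return (P, scalar_mult(p, a, d, P)), d             # public (P, dP), secret d

def ec_encrypt(p, a, b, pub, m, k):
    P, dP = pub
    Q = affine_points(p, a, b)[m]                      # Q = rho(m)
    return scalar_mult(p, a, k, P), add(p, a, Q, scalar_mult(p, a, k, dP))

def ec_decrypt(p, a, b, d, c):
    c1, c2 = c
    Q = add(p, a, c2, scalar_mult(p, a, -d, c1))      # Q = c2 - d*c1
    return affine_points(p, a, b).index(Q)             # m = rho^{-1}(Q)

if __name__ == "__main__":
    p, a, b, P = 17, 2, 2, (5, 1)
    assert is_elliptic(p, a, b) and hasse_bound_holds(p, a, b)
    pub, d = ec_keygen(p, a, P, 7)
    c = ec_encrypt(p, a, b, pub, 2, 3)
    print(count_points(p, a, b), pub, c, ec_decrypt(p, a, b, d, c))
```

The enumeration in `affine_points` is only usable for a toy prime; for a real $p$ one needs the probabilistic point-finding algorithms cited from [66], and $\rho$ must be chosen so that its preimage is computed without listing the curve.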


23.1.2 Cryptographic Protocols 


Besides secure confidential message transmission there are many other tasks that are important in cryptography, both symmetric key and public key. Although it is not entirely precise, we say that a cryptographic task is where one or more people must communicate with some degree of secrecy. The set of algorithms and procedures needed to accomplish a cryptographic task is called a cryptographic protocol. A cryptosystem is just one type of a cryptographic protocol. More formally, suppose that several parties want to manage a cryptographic task. Then they must communicate with each other and cooperate. Hence, each party must follow certain rules and implement a certain algorithm that they agreed upon.

We now discuss some cryptographic tasks that we will occasionally refer to in this 
book but many more can be found in detail in the book [66]. 


23.1.2.1 Secret Sharing 
Given a secret $S$, a $(t, n)$-secret sharing threshold scheme is a cryptographical primitive in which a secret is split into pieces (shares) and distributed among a collection of $n$ participants $\{p_1, \ldots, p_n\}$ so that any group of $t$ or more participants, with $t \leq n$, can recover the secret. Meanwhile, any group of $t - 1$ or fewer participants cannot recover the secret. Shamir solved the secret sharing problem in a very simple but beautiful manner using polynomial interpolation.

The general idea in a Shamir $(t, n)$-secret sharing threshold scheme is the following. Let $K$ be any field and $(x_1, y_1), \ldots, (x_n, y_n)$ be $n$ points in $K^2$ with pairwise distinct $x_i$. A polynomial $p(x)$ over $K$ interpolates these points if $p(x_i) = y_i$ for $i = 1, \ldots, n$. The polynomial $p(x)$ is called the interpolating polynomial for the given points. The crucial theoretical result is that for any $n$ points $(x_1, y_1), \ldots, (x_n, y_n)$ with distinct $x_i$ there always exists a unique interpolating polynomial of degree $\leq n - 1$.

We now present a more explicit version of the Shamir scheme using the finite field $K = GF(q)$ where $q = p^k$ with $k \geq 1$ and $p$ is a large prime. Let $S$ be the secret. The dealer generates a polynomial $p(x)$ of degree at most $t - 1$ over $K$, where $q$ is much larger than $n$, as follows:

\[
p(x) = a_0 + a_1 x + \cdots + a_{t-1} x^{t-1}
\]

where $a_0 = S$ is the secret and $a_1, \ldots, a_{t-1} \in K$. The dealer chooses pairwise distinct $x_i \in K \setminus \{0\}$, $i = 1, \ldots, n$, which are stored in a public area. The dealer calculates $y_i = p(x_i)$, $i = 1, \ldots, n$, and distributes to the $n$ participants via a secure channel so that each participant $p_i$ gets one share $y_i$.

For the secret recovery we use the Lagrange interpolation. We can construct the Lagrange interpolating polynomial with respect to $t$ of the points, say $(x_1, y_1), \ldots, (x_t, y_t)$, all $x_i \in K \setminus \{0\}$ pairwise distinct, as

\[
p(x) = \sum_{i=1}^{t} y_i\, l_i(x)
\]

where $l_i(x) = \prod_{j=1,\, j \neq i}^{t} \frac{x - x_j}{x_i - x_j}$. Clearly, $p(x)$ is a polynomial of degree at most $t - 1$. In particular, the secret $a_0$ will be

\[
a_0 = p(0) = \sum_{i=1}^{t} y_i \prod_{j=1,\, j \neq i}^{t} \frac{x_j}{x_j - x_i}.
\]

This scheme is perfect in the sense that for $t - 1$ participants any secret $S \in K$ is equally likely.
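An added example, not the book's code: Shamir $(t, n)$ sharing over the prime field $GF(p)$ (the case $k = 1$), recovery by the Lagrange formula for $a_0 = p(0)$ above, and a demonstration of perfectness: with $t - 1$ shares, letting the value of one further share range over $GF(p)$ produces every secret in $GF(p)$ exactly once. The prime $p = 97$, the secret $17$ and the coefficient $7$ are constructed toy values.

```python
# Added example, not the book's code: Shamir (t, n) sharing over the prime
# field GF(p) (k = 1), recovery by Lagrange interpolation at 0, and a
# demonstration that t - 1 shares leave every secret in GF(p) possible.
# p = 97, the secret 17 and the coefficient 7 are constructed toy values.

import secrets

def make_shares(secret, t, n, p, coeffs=None):
    """Dealer: p(x) = S + a_1 x + ... + a_{t-1} x^{t-1} over GF(p);
    shares are (x_i, p(x_i)) for the public, distinct, nonzero x_i = 1..n."""
    if not 1 <= t <= n < p:
        raise ValueError("need 1 <= t <= n < p")
    if coeffs is None:
        coeffs = [secrets.randbelow(p) for _ in range(t - 1)]
    poly = [secret % p] + list(coeffs)
    def evaluate(x):
        return sum(c * pow(x, k, p) for k, c in enumerate(poly)) % p
    return [(x, evaluate(x)) for x in range(1, n + 1)]

def recover(shares, p):
    """a_0 = p(0) = sum_i y_i prod_{j != i} x_j / (x_j - x_i) in GF(p)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if j != i:
                num = num * xj % p
                den = den * (xj - xi) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def secrets_consistent_with(partial_shares, p, missing_x):
    """Given t - 1 shares, each possible value y of one further share at
    x = missing_x yields a secret; the set of these secrets is all of
    GF(p), so the t - 1 shares reveal nothing about S."""
    return {recover(partial_shares + [(missing_x, y)], p) for y in range(p)}

if __name__ == "__main__":
    shares = make_shares(17, 2, 4, 97, coeffs=[7])
    print(shares, recover(shares[:2], 97), recover(shares[2:], 97))
    print(len(secrets_consistent_with(shares[:1], 97, 2)))
```

In `recover` the product is accumulated in the numerator and denominator separately and inverted once per term, which is the form of the $a_0$ formula above; the function accepts any $t$ of the $n$ shares in any order.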

We now describe a geometric alternative scheme which depends on the closest vector theorem. Let $W$ be a real inner product space and $V$ be a subspace of finite dimension $t$. Suppose that $w \in W$ and $\{e_1, \ldots, e_t\}$ is an orthonormal basis of $V$. Note that, given any basis for the subspace $V$, the Gram-Schmidt orthonormalization procedure can be used to find an orthonormal basis for $V$. Suppose that $w \in W$ is not in $V$. Then the unique vector $w^* \in V$ closest to $w$ is given by

\[
w^* = \langle w, e_1 \rangle e_1 + \cdots + \langle w, e_t \rangle e_t,
\]

where $\langle\ ,\ \rangle$ is the inner product on $W$.

We now describe the secret sharing scheme. We start with an inner product space $W$ of dimension $m$ and an access control group of size $n$. We assume that $m$ is much greater than $n$. Within $W$ there is a hidden subspace $V$ of dimension $t < n$. The secret to be shared is given as an element in this hidden subspace, that is, the secret $v \in V$, a vector in $V$. The dealer distributes two vectors $v_i$ and $w$ where $v_i \in V$ and $w$ is a vector in $W \setminus V$, and let $v \in V$ be the vector closest to $w$.

In general, the vector $w$ can be given publicly. The set $\{v_1, \ldots, v_n\}$ has the property that any subset of size $t$ is linearly independent. Hence, any subset of size $t$ determines a basis for $V$. Suppose $t$ valid users get together. They can determine an orthonormal basis of $V$. Since $w$ is given, they can determine $v$ by the closest vector theorem and recover the secret. Given a subset of size less than $t$, the given vectors generate a subspace of $V$ of dimension less than $t$ and hence in $W$ there are infinitely many extensions to subspaces of dimension $t$. This implies that determining $V$ with less than $t$ elements of a basis has zero probability.
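An added example, not the book's code, of the closest-vector scheme in $W = \mathbb{R}^5$ with $t = 2$ and $n = 4$ shares: Gram-Schmidt on the shares that $t$ users hold, the projection formula for $w^*$ above, and a check that a single share projects onto the wrong vector. The hidden subspace $V$, the secret $v$, the public offset $w$ and the four shares are all constructed; the dealer builds $w = v + z$ with $z \perp V$, which is exactly what makes $v$ the vector of $V$ closest to $w$.

```python
# Added example, not the book's code: the closest-vector scheme in
# W = R^5 with t = 2 and n = 4 shares, using plain lists.  The hidden
# subspace V, the secret v in V, the offset w and the shares are all
# constructed; arithmetic is floating point, so comparisons use a tolerance.

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def scale(c, v):
    return [c * a for a in v]

def sub(u, v):
    return [a - b for a, b in zip(u, v)]

def gram_schmidt(basis):
    """Orthonormal basis of span(basis) for linearly independent input."""
    ortho = []
    for v in basis:
        for e in ortho:
            v = sub(v, scale(dot(v, e), e))
        norm = dot(v, v) ** 0.5
        if norm < 1e-12:
            raise ValueError("vectors are linearly dependent")
        ortho.append(scale(1 / norm, v))
    return ortho

def closest_vector(w, orthonormal_basis):
    """w* = <w,e_1> e_1 + ... + <w,e_t> e_t, the projection of w onto V."""
    result = [0.0] * len(w)
    for e in orthonormal_basis:
        result = [r + c for r, c in zip(result, scale(dot(w, e), e))]
    return result

def close(u, v, tol=1e-9):
    return all(abs(a - b) < tol for a, b in zip(u, v))

# Dealer's constructed data.
V_BASIS = [[1, 2, 0, 1, 0], [0, 1, 1, 0, 2]]      # spans the hidden V
SECRET = [2, 5, 1, 2, 2]                         # 2*V_BASIS[0] + 1*V_BASIS[1]
_raw = [3, 0, 1, 4, 1]
Z = sub(_raw, closest_vector(_raw, gram_schmidt(V_BASIS)))   # Z orthogonal to V
W_PUBLIC = [s + z for s, z in zip(SECRET, Z)]    # w = v + z, so v is closest to w
SHARES = [V_BASIS[0], V_BASIS[1],
          [1, 3, 1, 1, 2],                       # basis[0] + basis[1]
          [1, 1, -1, 1, -2]]                     # basis[0] - basis[1]; any 2 independent

def recover(share_subset, w=W_PUBLIC):
    """t users: orthonormal basis of V from their shares, then project w."""
    return closest_vector(w, gram_schmidt(share_subset))

if __name__ == "__main__":
    print(close(recover([SHARES[2], SHARES[3]]), SECRET))
    print(close(recover([SHARES[0]]), SECRET))
```

Any two of the four shares are linearly independent, so every pair spans $V$; with one share the projection lands on a line inside $V$ and, as the text says, nothing singles out $v$ on it.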
23.1.2.2 Key Exchange and Key Transport

In a key exchange two people, usually called Bob and Alice, exchange a secret shared 
key to be used in some encryption. In a key transport one party transports to another 
a secret key that is to be used. We briefly describe the Diffie-Hellman key exchange 
protocol. 

Bob and Alice choose a large prime $p$ and a generator $g$ of the cyclic multiplicative group $\mathbb{Z}_p^*$. The element $g$ is public to all. Alice chooses an $a$ with $1 < a < p - 1$. Her public information or public key is $g^a$ given modulo $p$. This is open to all. Her private information or (secret) private key is $a$. Bob chooses a $b$ with $1 < b < p - 1$. His public information or public key is $g^b$ given modulo $p$. This is open to all. His private information or (secret) private key is $b$.

Communication: The secret sharing key is $g^{ab}$. This can be computed easily by both Bob and Alice using their private keys. Alice knows her private key $a$ and the value $g^b$ is public from Bob. Hence, she can compute $g^{ab} = (g^b)^a$. The analogous situation holds for Bob. The security certificate of the Diffie-Hellman key exchange protocol is again the Computational Diffie-Hellman problem for $\mathbb{Z}_p^*$.
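An added example, not the book's code, of the exchange above in $\mathbb{Z}_p^*$, together with the validation each party should apply to the public value it receives: a value outside $\mathbb{Z}_p^*$, or equal to $1$ or $p - 1$, would fix the shared key to $\pm 1$ regardless of the private exponent. The prime $p = 23$ with generator $g = 5$ and the exponents are constructed toy values.

```python
# Added example, not the book's code: the Diffie-Hellman exchange above in
# Z_p^*, plus the validation each party should apply to the public value
# it receives.  p = 23 with generator g = 5 is a constructed toy choice.

import secrets

def dh_private_key(p):
    """Random exponent with 1 < a < p - 1, the range used in the text."""
    return 2 + secrets.randbelow(p - 3)

def dh_public_key(p, g, a):
    return pow(g, a, p)                      # g^a modulo p, open to all

def valid_public_value(p, Y):
    """Reject values outside Z_p^* and the elements 1 and p-1 of order <= 2,
    since Y = 1 or Y = p-1 would make the shared secret +-1 whatever a is."""
    return 1 < Y < p - 1

def dh_shared_secret(p, Y_other, a_own):
    """(g^b)^a = g^(ab) computed from the other side's public value."""
    if not valid_public_value(p, Y_other):
        raise ValueError("invalid public value")
    return pow(Y_other, a_own, p)

def run_exchange(p, g, a, b):
    """Both sides' computations; returns (Alice's secret, Bob's secret)."""
    A = dh_public_key(p, g, a)               # Alice publishes g^a
    B = dh_public_key(p, g, b)               # Bob publishes g^b
    return dh_shared_secret(p, B, a), dh_shared_secret(p, A, b)

if __name__ == "__main__":
    print(run_exchange(23, 5, 6, 15))
```

Both sides obtain the same $g^{ab}$ without ever transmitting $a$ or $b$; the check in `dh_shared_secret` is the minimal sanity test on the received value and is applied symmetrically by both parties.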


23.1.2.3 Authentication Protocols and Zero-Knowledge Proof Protocols 

There are two more important cryptographic protocols which are discussed in detail in 
[66] and also to some extent in Chapter 24 on noncommutative group based cryptogra- 
phy: the authentication protocols and the zero-knowledge proof protocols. 

When a confidential message is transmitted there are several aspects that must be verified. First, there must be a verification to the receiver that the sender is who he claims to be. Secondly, there must be a verification to the sender that the receiver is also who he claims to be. Next there should be a verification that the message has not been altered in any way. Finally, there should be in many message transmissions some form of undeniability, that is, a procedure that makes it impossible for the sender to deny that he sent the message. All of these verifications are handled by an authentication protocol. In Section 24.5 we discuss a password-authentication protocol using combinatorial group theory.

Now, a zero-knowledge proof protocol is a method by which one party (the prover) 
can prove to another party (the verifier) that a given statement is true while the prover 
avoids conveying any additional information apart from the fact that the statement is 
indeed true. The essence of zero-knowledge proofs is that it is trivial to prove that one 
possesses knowledge of certain information by simply revealing it; the challenge is to 
prove such possession without revealing the information itself or any additional infor- 
mation. For a classical prototype of a zero-knowledge proof we mention the Ali Baba 
cave problem with a magic secret door, see [97]. 
Exercises

1. Let $f: \mathbb{Z}_{24} \to \mathbb{Z}_{24}$ be given by $\bar x \mapsto \bar 5 \bar x + \bar 3$. Calculate the period length for $x_0 = \bar 0$.

2. We use the standard allocation $A = 01, B = 02, \ldots, Z = 26$. Calculate the plaintext number $M$ for the plaintext message 'Louisa is born on Christmas Day.'

3. Distribute the secret 42 using the Shamir secret sharing scheme evenly among three people such that any two can put together the secret.

4. The company Ruin Invest has two directors, seven department managers, and 87 further employees. A valuable customer file is protected by a secret key. Develop a procedure for distributing the information about the key among the following groups of authorized people:
(1) both directors,
(2) one director and all seven department managers together, and
(3) one director, at least four department managers, and also at least 11 employees.

5. Given are prime numbers $p$ and $q$ with $q < p$ and $n = pq$. For an RSA cryptosystem assume that $p - q$ is very small. Show that $n$ can be factorized using the following procedure:
(1) Let $t \in \mathbb{N}$ be the smallest number with $t \geq \sqrt{n}$.
(2) If $t^2 - n$ is a square, that is, $t^2 - n = s^2$ for some $s \in \mathbb{N}$, then $p = t + s$ and $q = t - s$ provides the factorization.
(3) Otherwise take the next integer $t > \sqrt{n}$ and go back to (2).
Use the procedure to factorize $n = 9898828507$.

6. Let $(n, e) = (2047, 179)$ be the public RSA key. A plaintext alphabet has the 26 letters $A, B, \ldots, Z$ and the empty sign $\square$ (blank) between words. The plaintext message with $\square$ between words will be subdivided into double blocks with $\square$ at the end, if necessary. By the assignment $A \mapsto 00, B \mapsto 01, \ldots, Z \mapsto 25, \square \mapsto 26$ each double block gives a block with 4 digits. We consider the four digit numbers as residue classes modulo 2047. Encryption with the public key $(2047, 179)$ gives the ciphertext message 1054, 92, 1141, 1571, 92, 832 in the form of residue classes modulo 2047.
(a) Break the encryption by factoring 2047.
(b) Why is the number 2047, besides the small size, a particularly unfavorable choice?
(c) Is it possible to break the encryption without factoring 2047?

7. Alice and Bob agree on the following public key cryptosystem:
(1) Alice chooses $a, b \in \mathbb{Z}$ with $ab \neq 1$ and calculates $M = ab - 1$. Then Alice chooses two integers $a', b'$ and calculates $e = a'M + a$ and $d = b'M + b$. She then calculates $n = (ed - 1)/M$.
(2) Alice publishes the pair $(n, e)$. The secret key is $d$.
(3) Bob wants to send a message $m \in \{0, 1, \ldots, n - 1\}$ to Alice. He calculates $c = em \pmod n$ and sends $c$ to Alice.
(4) She decrypts the message by calculating $cd$ modulo $n$.
Show that this is a valid cryptosystem, that is, Alice gets the message.

8. Show that breaking the ElGamal encryption scheme and breaking the Diffie-Hellman key exchange protocol are equally difficult.

9. (a) Let $K = \mathbb{Z}_5$ and $y^2 = x^3 + x$. This equation defines an elliptic curve over $\mathbb{Z}_5$. Show that $E(\mathbb{Z}_5) \cong \mathbb{Z}_2 \times \mathbb{Z}_2$.
(b) Let $K = \mathbb{Z}_{11}$ and $y^2 = x^3 + x + 6$ be a curve over $\mathbb{Z}_{11}$. Show that $y^2 = x^3 + x + 6$ is an elliptic curve over $\mathbb{Z}_{11}$ and that $E(\mathbb{Z}_{11})$ is cyclic of order 13.

10. Determine all possible groups $E(\mathbb{Z}_5)$ for elliptic curves over $\mathbb{Z}_5$. Give all possible orders for a group $E(\mathbb{Z}_5)$.
24 Non-Commutative Group Based Cryptography


24.1 Group Based Methods 


The public key cryptosystems and public key exchange protocols that we have discussed, 
such as the RSA algorithm, or the Diffie-Hellman, ElGamal and elliptic curve meth- 
ods, are number theory based, and thus depend on the structure of Abelian groups. As 
computing machinery has gotten stronger, and computational techniques have become 
more sophisticated and improved, there have been successful attacks on both RSA and 
Diffie-Hellman for smaller and specialized parameters (RSA and Diffie-Hellman mod- 
uli). Furthermore, there exist quantum algorithms that specifically break both RSA and 
Diffie-Hellman. As a consequence, when and if a workable quantum computer will be 
realized, these cryptographic methods will have to be altered. 

Because of these attacks there is a feeling that these number theoretic techniques 
are theoretically susceptible to attack. Somehow the relatively simple structure of 
Abelian groups opens up the possibility of weaknesses in cryptographic protocols. As 
a result there has been an active line of research to develop cryptosystems and key 
exchange protocols using noncommutative cryptographic platforms which is called 
noncommutative algebraic cryptography. Since most of the cryptographic platforms are 
groups this is also known as group based cryptography. 

The main sources for non-Abelian groups are combinatorial group theory and lin- 
ear group theory, that is matrix groups. Braid group cryptography where encryption is 
done within the classical braid groups, is one prominent example. The one-way func- 
tions in braid group systems are based on the difficulty of solving group theoretic de- 
cision problems such as the conjugacy problem and conjugator search problem. Recall 
that a one-way function is a function which is easy to implement but very hard to invert. 
Although braid group cryptography had initial spectacular success, various potential 
attacks have been identified. Borovik, Myasnikov, Shpilrain, see [70], and others have 
studied the statistical aspects of these attacks and have identified what is termed black 
holes in the platform groups, the outsides of which present cryptographic problems. 

The extension of the cryptographic ideas to noncommutative platforms involves the 
following ideas: 

1. general algebraic techniques for developing cryptosystems; 

2. potential algebraic platforms (specific groups, rings, etc.) for implementing the tech- 
niques; and 

3. cryptanalysis and security analysis of the resulting systems. 


The basic idea in using combinatorial group theory for cryptography is that elements 
of groups can be expressed as words in some alphabet. If there is an easy method to 
rewrite group elements in terms of these words, and further the technique used in this 
rewriting process can be supplied by a secret key, then a cryptosystem can be created. 


https://doi.org/10.1515/9783111142524-024 
In Section 14.7 we discussed group presentations and fundamental group decision problems. Given a group $G$ there exists a presentation $G = \langle X; R \rangle$ and vice versa. We recall that the three fundamental group decision problems by Dehn, that is, the word problem, the conjugacy problem, and the isomorphism problem, have negative answers in general but have simple and elegant solutions for finitely generated free groups.

These three problems are only the basic decision problems and other algorithmic problems concerning presentations can be considered. The conjugacy problem asks to algorithmically determine if two elements given in terms of the generators are conjugate. The conjugator search problem asks: given a group presentation for $G$ and two elements $g_1, g_2$ in $G$ that are known to be conjugate, to determine algorithmically a conjugator, that is an element $h$ such that $h^{-1} g_1 h = g_2$. It is known, as with the conjugacy problem itself, that the conjugator search problem is undecidable in general.

There are several other group theoretical decision problems. We just mention two. For a subgroup $H$ of a group $G$, where $H$ has generating set $\{x_1, \ldots, x_k\} \subset H$, the membership problem asks whether a given element $g \in G$ lies in $H$, and the constructional membership problem asks whether a given element $g \in G$ lies in $H$, and if so, how to express $g$ as a word in the generators $x_1, \ldots, x_k$. Michailova, see [38], showed that in general the constructional membership problem is undecidable for infinite matrix groups, also see [39].

The second is the root extraction problem in a group $G$. Given an element $g \in G$, and a number $k \in \mathbb{N}$, find an $h \in G$ such that $h^k = g$. Many cryptosystems such as authentication schemes and digital signatures are based on the root extraction problem. We mention that the root extraction problem is solvable in free groups.

The computational difficulty of solving various group decision problems will play 
the role of a hard problem used to construct a one-way function in several non-Abelian 
group based cryptosystems. 

The book [93] by Myasnikov, Shpilrain and Ushakov has discussions of the complex- 
ity of many of these group decision problems. 

If a cryptographic protocol is based on an algebraic object, e. g., group, ring, lat- 
tice, or finite field, then this object is called the (cryptographic) platform. In group based 
cryptography this is then a platform group for the cryptographic protocol. The security 
of the cryptographic protocol is then dependent upon the difficulty, computational or 
theoretic, of solving a group theoretic problem within the platform group. 

To be a reasonable platform group for a group based cryptographic protocol, a 
group G must possess certain properties that make the protocol both efficient to im- 
plement and secure. 

We assume that the group $G$ has a finite presentation

\[
G = \langle X; R \rangle = \langle x_1, \ldots, x_n ;\; r_1 = r_2 = \cdots = r_m = 1 \rangle
\]

and that the protocol security is based on a group theoretic problem that we denote by $P$. The first necessity is that there is an efficient way to uniquely represent and then multiply the elements of $G$. In most cases this requires a normal form for elements $g \in G$, that is, a unique representation in terms of the generators $\{x_1, \ldots, x_n\}$. In particular, reduced words provide normal forms for elements of free groups. Normal forms provide an effective method of disguising group elements. Without this, one can determine a secret key simply by inspection of group elements. The existence of a normal form in a group implies a solvable word problem, which is also essential for these protocols. For $g \in G$ we will denote its normal form, in terms of the set of generators $X$, by $NF_X(g)$.

To be useful in cryptography, given $g \in G$, expressed as a word in $x_1, \ldots, x_n$, the process of moving between the word and the unique normal form must be efficiently computable. Usually we require at most polynomial time in the input length of $g$.

In addition to the platform group having normal forms, ideally, it would also exhibit exponential growth. That is, the growth function for $G$, $\gamma: \mathbb{N} \to \mathbb{R}$, defined by $\gamma(n) = \#\{w \in G : l(w) \leq n\}$, has an exponential growth rate, also see [93]. In the definition $l(w)$ stands for the minimal number of letters needed to express $w$ as a word in $x_1, \ldots, x_n$. Exponential growth is a necessity that ensures that the group will provide a large key space.

Further, the normal form must exhibit good diffusion in determining the normal forms of products. This means that in finding the normal forms of products it is computationally difficult to rediscover the factors, that is, if we know $NF_X(g_1 g_2)$ it is computationally difficult to discover $g_1, g_2$ or $NF_X(g_1), NF_X(g_2)$.

Other necessities for a platform group depend on the particular protocol. If the secu- 
rity is based on the group problem P, such as the word problem or conjugacy problem, 
we have to assume that in G, the solution to P is computationally hard (NP-hard) or un- 
solvable. However, what we really want is generically hard, that is, hard on most inputs. 
The solution to P might be unsolvable but have polynomial average case complexity. In 
this case, if care is not taken in choosing the inputs, the solution to P is easy and the cryp- 
tographic protocol is broken. This does not eliminate a group G as a possible platform 
group but indicates that one must take great care in choosing cryptographic inputs. 

Among the first attempts to use non-Abelian groups as platforms for public key cryp- 
tosystems were the schemes [62] by Anshel, Anshel and Goldfeld, and the schemes [85] 
by Ko, Lee et al. The first protocol was developed by I. Anshel, M. Anshel and D. Goldfeld. 
The original version of the Ko-Lee protocol was published by K. H. Ko, S. J. Lee, J. H. Han, 
J. Kang and C. Park. We will refer to the second protocol as Ko-Lee. Both sets of authors, 
at about the same time, proposed using non-Abelian groups and combinatorial group 
theory for public key exchange. 

The Anshel–Anshel–Goldfeld and Ko–Lee methods can be considered as group theoretic analogs of the number theory based Diffie–Hellman method. The basic underlying idea is the following. If $G$ is a group and $g, h \in G$ we let $g^h$ denote the conjugate of $g$ by $h$, that is $g^h = h^{-1} g h$. The simple observation is that $(g^h)^k = g^{hk}$. Therefore writing conjugation in this exponential manner behaves like ordinary exponentiation. From this straightforward idea one can almost exactly mimic the Diffie–Hellman protocol, now within a non-Abelian group.
In Section 24.8, we examine the Ko–Lee and Anshel–Anshel–Goldfeld protocols. Both sets of developers originally suggested using braid groups as the basic and most appropriate group theoretic platform. Here, we just give a presentation for the braid group $B_n$, $n \ge 3$, in the form

$$B_n = \langle \sigma_1, \ldots, \sigma_{n-1};\ [\sigma_i, \sigma_j] = 1 \text{ if } |i-j| > 1,\ \sigma_i \sigma_{i+1} \sigma_i = \sigma_{i+1} \sigma_i \sigma_{i+1} \text{ for } i = 1, \ldots, n-2 \rangle$$

which is now called the Artin presentation. We remark that there are several possibilities for normal forms for elements of $B_n$, see [24].

We describe both protocols in a most general context, that is, with a general platform 
group. This platform group must have a finite presentation with efficiently computable 
normal forms, exponential growth, and good diffusion in determining the normal form 
of products. For the following Ko-Lee protocol and the Anshel—Anshel-Goldfeld pro- 
tocols, the platform group must also contain an abundant collection of subgroups that 
commute elementwise and that can be efficiently described. 
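The conjugation-as-exponentiation exchange sketched above, worked through as an added example (not code from the book or from the Ko–Lee or Anshel–Anshel–Goldfeld papers). The platform is the toy group $\mathrm{GL}(4,\mathbb{Z}_{101})$, chosen here only because it is easy to compute in; the two elementwise-commuting subgroups are the block-diagonal matrices $\mathrm{diag}(A, I_2)$ and $\mathrm{diag}(I_2, B)$. Function names, the prime and the seeds are assumptions. The caveat a practitioner needs: in a matrix group the conjugator search problem is linear algebra (solve $x g = g' x$ for $x$), so this platform satisfies none of the hardness requirements above and the code exercises only the protocol's algebra.

```python
"""Ko-Lee style conjugation key exchange in a toy matrix platform (illustration only)."""
import random

P = 101  # field size (assumption: any prime works for the demonstration)


def mat_mul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) % P for j in range(n)] for i in range(n)]


def mat_inv(a):
    """Gauss-Jordan inversion over Z_P; raises ValueError if a is singular."""
    n = len(a)
    m = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(a)]
    for col in range(n):
        piv = next((r for r in range(col, n) if m[r][col] % P), None)
        if piv is None:
            raise ValueError("singular matrix")
        m[col], m[piv] = m[piv], m[col]
        scale = pow(m[col][col], -1, P)
        m[col] = [x * scale % P for x in m[col]]
        for r in range(n):
            if r != col and m[r][col]:
                f = m[r][col]
                m[r] = [(x - f * y) % P for x, y in zip(m[r], m[col])]
    return [row[n:] for row in m]


def conj(g, h):
    """g^h = h^{-1} g h, the exponential notation of the text."""
    return mat_mul(mat_mul(mat_inv(h), g), h)


def random_invertible(n, rng):
    while True:
        a = [[rng.randrange(P) for _ in range(n)] for _ in range(n)]
        try:
            mat_inv(a)
            return a
        except ValueError:
            continue


def block_diag(a, b):
    """diag(a, b). Elements diag(A, I) and diag(I, B) commute elementwise."""
    n = len(a) + len(b)
    out = [[0] * n for _ in range(n)]
    for i in range(len(a)):
        for j in range(len(a)):
            out[i][j] = a[i][j]
    for i in range(len(b)):
        for j in range(len(b)):
            out[len(a) + i][len(a) + j] = b[i][j]
    return out


def key_exchange(seed=0):
    """Returns (Alice's key, Bob's key, a, b, g); the two keys coincide since ab = ba."""
    rng = random.Random(seed)
    ident = [[1, 0], [0, 1]]
    g = random_invertible(4, rng)                      # public element
    a = block_diag(random_invertible(2, rng), ident)   # Alice's secret, in L = diag(*, I)
    b = block_diag(ident, random_invertible(2, rng))   # Bob's secret,   in R = diag(I, *)
    ga = conj(g, a)          # Alice publishes g^a
    gb = conj(g, b)          # Bob publishes g^b
    k_alice = conj(gb, a)    # (g^b)^a = g^{ba}
    k_bob = conj(ga, b)      # (g^a)^b = g^{ab}
    return k_alice, k_bob, a, b, g


if __name__ == "__main__":
    ka, kb, _, _, _ = key_exchange(7)
    print("shared key agrees:", ka == kb)
```

The two keys agree exactly because $a$ and $b$ come from commuting subgroups; with $a, b$ drawn from all of $\mathrm{GL}(4,\mathbb{Z}_{101})$ the equality $g^{ba} = g^{ab}$ fails, which is why the platform must supply such subgroups.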


24.2 Initial Group Theoretic Cryptosystems—The Magnus Method 


One of the earliest descriptions of using a non-Abelian group in cryptography appeared 
in a paper by Magnus in the early 1970’s, see [89]. This was what is now called a free 
group cryptosystem. The seminal idea of using the difficulty of group theory decision 
problems in infinite non-Abelian groups as one-way functions in cryptography was first 
developed by Magyarik and Wagner in 1985. Neither of these two methods proved suc- 
cessful as workable encryption methods yet their introduction ushered in a subsequent 
complete theory and other ideas. In this section we describe Magnus’ idea and in the 
next subsection the Wagner—-Magyarik method. 

In [89], Magnus studied rational representations of Fuchsian groups and non-parabolic subgroups of the classical modular group $M$. Recall that $M = \mathrm{PSL}(2,\mathbb{Z})$. That is, $M$ consists of the $2 \times 2$ projective integral matrices

$$M = \left\{ \pm\begin{pmatrix} a & b \\ c & d \end{pmatrix} : ad - bc = 1,\ a, b, c, d \in \mathbb{Z} \right\}.$$

Equivalently, $M$ can be considered as the set of integral linear fractional transformations with determinant 1:

$$z' = \frac{az + b}{cz + d} \quad \text{with } ad - bc = 1 \text{ and } a, b, c, d \in \mathbb{Z}.$$


Theorem 24.2.1 (B. H. Neumann). The matrices

$$\pm\begin{pmatrix} 1 & 1 \\ 1 & 2 \end{pmatrix}, \qquad \pm\begin{pmatrix} 1 + 4t^2 & 2t \\ 2t & 1 \end{pmatrix}, \quad t = 1, 2, 3, \ldots$$

freely generate a free subgroup $F$ of infinite index in $M$. Further, distinct elements of $F$ have distinct first columns (up to sign). The group $F$ is of infinite rank.


Proof. Without loss of generality we first work in the homogeneous modular group

$$\Gamma = \left\{ \begin{pmatrix} a & b \\ c & d \end{pmatrix} : a, b, c, d \in \mathbb{Z},\ ad - bc = 1 \right\} = \mathrm{SL}(2,\mathbb{Z}).$$

B. H. Neumann, see [40], constructed infinitely many subgroups $N$ of $\Gamma$ with the following properties:
(i) $N$ contains the matrix $T = \begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}$.
(ii) Let $a$ and $c$ be any pair of coprime integers. Then $N$ contains exactly one matrix in which the first column consists of the ordered pair $(a, c)$.

We remark that Neumann showed that such an $N$ has properties (i) and (ii) if it contains $T$ and has exactly all the elements $U^n$, $n = 0, \pm 1, \pm 2, \ldots$, as right coset representatives in $\Gamma$, where $U = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}$.

To prove Theorem 24.2.1 we do not need the whole procedure, nor the additional remark (for the complete construction see [40]). We just pick out the single procedure for the special group given in Theorem 24.2.1. We consider the bijective map $f : \mathbb{Z} \to \mathbb{Z}$ given by $f(f(n)) = n$, $f(0) = 0$, $f(-1) = -1$, and for any positive integer $k$ we have $f(2k) = 2k$, $f(6k - 1) = -3k - 1$, $f(6k - 3) = -3k$, $f(6k - 5) = 1 - 3k$.

We define the subgroup $N$ generated by the elements

$$V_n = U^n T U^{-f(n)}, \quad n \in \mathbb{Z}.$$


We now consider $N$ as a subgroup of the modular group $M$ and use the Reidemeister–Schreier method in combination with Tietze transformations, see Chapter 14. We see that $N$ is generated by the elements

$$V_{-1},\ V_0,\ V_{2k} \text{ and } V_{2k-1}, \quad k = 1, 2, 3, \ldots$$

with the defining relations

$$V_{-1}^2 = V_0^2 = V_{2k}^2 = 1, \quad k = 1, 2, 3, \ldots.$$

This shows that the elements $A = V_0 V_{-1}$ and $B_k = V_{2k} V_0^{-1}$, $k = 1, 2, 3, \ldots$, freely generate a free subgroup $F$ of infinite rank in $N$ using the Reidemeister–Schreier method. This, in fact, also follows if we consider $F$ acting on the upper half plane.

We have $A = \pm\begin{pmatrix} 1 & 1 \\ 1 & 2 \end{pmatrix}$ and $B_k = \pm\begin{pmatrix} 1 + 4k^2 & 2k \\ 2k & 1 \end{pmatrix}$, $k = 1, 2, 3, \ldots$. The group $F$ does not contain any power $U^t$, $t \in \mathbb{Z} \setminus \{0\}$. In fact, all the elements $U^n$, $n = 0, \pm 1, \pm 2, \pm 3, \ldots$, represent distinct right cosets of $F$ in $\Gamma$ because $f$ is bijective. If $C = \pm\begin{pmatrix} a & b \\ c & d \end{pmatrix}$ is any nontrivial element of $F$, then $c \ne 0$ because no nontrivial power of $U$ is in $F$, and the elements $CU^t \in M$, $t \in \mathbb{Z}$, have the same first column as $C$, up to sign; if $t$ runs through the integers, we get all elements of $M$ with the same first column. This we can see as follows.

Let $D = \pm\begin{pmatrix} a & g \\ c & h \end{pmatrix}$ be any element of $M$ with the same first column. Then

$$1 = ad - bc = ah - gc$$

from the determinant. It follows that $a(d - h) = c(b - g)$. Since $\gcd(a, c) = 1$ we get $c \mid (d - h)$, that is, there exists a $t \in \mathbb{Z}$ with $ct = d - h$, and therefore $h = d - ct$. We get with this that $ad - bc = a(d - ct) - gc$, that is, $g = b - at$.

Hence, $D = \pm\begin{pmatrix} a & b - at \\ c & d - ct \end{pmatrix}$. Now consider $CU^{-t} \in M$, $t \in \mathbb{Z}$, then

$$CU^{-t} = \pm\begin{pmatrix} a & b \\ c & d \end{pmatrix}\begin{pmatrix} 1 & -t \\ 0 & 1 \end{pmatrix} = \pm\begin{pmatrix} a & b - at \\ c & d - ct \end{pmatrix} = D.$$

If $D$ also lies in $F$, then $U^{-t} = C^{-1} D \in F$, so $t = 0$ and $D = C$. This shows that distinct elements of $F$ have distinct first columns, up to sign.


Magnus, see [89], had the idea to use this for cryptographic protocols. Since the entries in the generating matrices are positive we can do the following.

Choose a set $T_1, \ldots, T_n$ of projective matrices from the set above with $n$ large enough to encode a desired plaintext alphabet $A$. Any message would be encoded by a word $w(T_1, \ldots, T_n)$ with nonnegative exponents. This represents an element $g$ of $F$. The two entries in the first column determine $w$ and therefore $g$. Receiving $w$ then determines the message uniquely. Pure free group cryptography as Magnus proposed is subject to many attacks. We will discuss this further in Section 24.3.
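Magnus's encoding with Neumann's generators, as an added example that is not code from [89]. Letters of a 27-symbol alphabet are mapped to $A$ and $B_1, B_2, \ldots, B_{26}$ (the assignment is our choice), a message becomes the product of its letters' matrices, and the first column is what the theorem says determines the element. Decoding in the book goes through Reidemeister–Schreier rewriting; the decoder below instead peels generators off the right end, relying on the fact that every generator has all entries $\ge 1$, so of the candidates $Q G^{-1}$ exactly one keeps all entries nonnegative. That greedy rule is our observation about these particular matrices, not a method from the page. One consequence worth seeing in the output is that the scheme is deterministic: equal plaintexts give equal ciphertexts, which is one of the reasons the text calls pure free group cryptography attackable.

```python
"""Magnus free group encoding in PSL(2, Z) with Neumann's free generators (illustration)."""
import string

ALPHABET = string.ascii_lowercase + " "   # 27 symbols -> A, B_1, ..., B_26 (our assignment)


def gen(t):
    """t = 0 gives A = (1 1; 1 2); t >= 1 gives B_t = (1+4t^2 2t; 2t 1). Integer representatives."""
    return ((1, 1), (1, 2)) if t == 0 else ((1 + 4 * t * t, 2 * t), (2 * t, 1))


def inv(m):
    (a, b), (c, d) = m           # determinant 1, so the inverse is integral
    return ((d, -b), (-c, a))


def mul(m, n):
    (a, b), (c, d) = m
    (e, f), (g, h) = n
    return ((a * e + b * g, a * f + b * h), (c * e + d * g, c * f + d * h))


GENERATORS = [gen(t) for t in range(len(ALPHABET))]
IDENTITY = ((1, 0), (0, 1))


def encode(message):
    """Product of the generators of the message's letters: a positive word in F."""
    q = IDENTITY
    for ch in message:
        q = mul(q, GENERATORS[ALPHABET.index(ch)])
    return q


def first_column(q):
    return (q[0][0], q[1][0])


def decode(q):
    """Greedy right-peeling: the unique generator G with Q G^{-1} >= 0 was the last letter."""
    letters = []
    while q != IDENTITY:
        candidates = []
        for idx, g in enumerate(GENERATORS):
            p = mul(q, inv(g))
            if all(x >= 0 for row in p for x in row):
                candidates.append((idx, p))
        if len(candidates) != 1:
            raise ValueError("not a positive word in the generators")
        idx, q = candidates[0]
        letters.append(ALPHABET[idx])
    return "".join(reversed(letters))


if __name__ == "__main__":
    q = encode("attack at dawn")
    print("first column:", first_column(q))
    print("decoded:", decode(q))
```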


24.2.1 The Wagner-Magyarik Method 


The idea of using the difficulty of group theory decision problems in devising hard one- 
way functions for cryptographic purposes was first developed by Magyarik and Wagner 
in 1985, see [103]. They devised a public key protocol based on the difficulty of the so- 
lution to the word problem. Although this was a seminal idea, their basic cryptosystem 
was really unworkable and not secure in the form they presented. 

Wagner and Magyarik outlined a conceptual public key cryptosystem based on the 
hardness of the word problem for finitely presented groups. At the same time, they gave 
a specific example of such a system. Gonzalez Vasco and Steinwandt, see [78], proved 
that their approach is vulnerable to so-called reaction attacks. In particular, for the pro- 
posed instance it is possible to retrieve the private key just by watching the performance 
of a legitimate recipient. 

The general scheme of the Wagner and Magyarik public key cryptosystem is as follows. Let $X$ be a finite set of generators, and let $R$ and $S$ be finite sets of relators on $X$. Consider the two groups $G$ and $G_0$ with presentations

$$G = \langle X; R \rangle \quad \text{and} \quad G_0 = \langle X; R \cup S \rangle.$$

The group $G_0$ is then a homomorphic image of $G$. We assume first that $G$ has a hard word problem, so that the word problem in $G$ is not solvable in polynomial time. We next assume that the homomorphic image $G_0$ has a word problem solvable in polynomial time, that is, an easy word problem.

Choose two words $w_0$ and $w_1$ which are not equivalent in $G_0$ (and hence not equivalent in $G$, since $G_0$ is a homomorphic image of $G$). The public key is the presentation $\langle X; R \rangle$ and the chosen words $w_0$ and $w_1$. To encrypt a single bit $i \in \{0, 1\}$, pick $w_i$ and transform it into a ciphertext word $w$ by repeatedly and randomly applying Tietze transformations to the presentation $\langle X; R \rangle$. To decrypt a word $w$, run the algorithm for the word problem of $G_0$ in order to decide which of $w_i w^{-1}$ is equivalent to the empty word for the presentation $\langle X; R \cup S \rangle$. The private key is the set $S$. As pointed out by Gonzalez Vasco and Steinwandt, this is not sufficient, and Wagner and Magyarik are not clear on this point. The private key should be a deterministic polynomial-time algorithm for the word problem of $G_0 = \langle X; R \cup S \rangle$. Just knowing $S$ does not automatically and explicitly give us an efficient algorithm (even if such an algorithm exists).

Although the Wagner—Magyarik protocol was not workable as a public key system, 
the idea opened the door for using similar types of encryption involving group theoretic 
decision problems. 


24.3 Free Group Cryptosystems 


The simplest example of a non-Abelian group based cryptosystem is perhaps a free group cryptosystem. This can be described in the following manner.

Consider a free group $F$ on free generators $x_1, \ldots, x_n$. Then each element $g$ in $F$ has a unique expression as a reduced word $w(x_1, \ldots, x_n)$. Let $w_1, \ldots, w_k$, where each $w_i = w_i(x_1, \ldots, x_n)$, be a set of words in the generators $x_1, \ldots, x_n$ of the free group $F$. At the most basic level, to construct a cryptosystem, suppose that we have a plaintext alphabet $A$. For example, suppose $A = \{a, b, \ldots\}$ are the symbols needed to construct meaningful messages in English. To encrypt, use a substitution cipher

$$A \to \{w_1, \ldots, w_k\}$$

given by $a \mapsto w_1$, $b \mapsto w_2$, $\ldots$. Then, for a word $w(a, b, \ldots)$ in the plaintext alphabet, form the free group word $w(w_1, w_2, \ldots)$. This represents an element $g$ in $F$. Send out $g$ as the secret message.

In order to implement this scheme we need a concrete representation of $g$ and then, for decryption, a way to rewrite $g$ back in terms of $w_1, \ldots, w_k$. This concrete representation is the idea behind homomorphic cryptosystems.

The decryption algorithm in a free group cryptosystem then depends on the Reidemeister–Schreier rewriting process, see Section 14.4. Let $F$ be a free group on $\{x_1, \ldots, x_n\}$ and let $H$ be a subgroup of $F$. The Reidemeister–Schreier process allows one to construct a set of generators $w_1, \ldots, w_k$ for $H$ by using a Schreier transversal. Further, given the Schreier transversal from which the set of generators for $H$ was constructed, the Reidemeister–Schreier rewriting process allows us to algorithmically rewrite an element of $H$. Given such an element expressed as a word $w = w(x_1, \ldots, x_n)$ in the generators of $F$, this algorithm rewrites $w$ as a word $w^*(w_1, \ldots, w_k)$ in the generators of $H$.

Pure free group cryptosystems are subject to various attacks and can often be broken easily. However, a public key free group cryptosystem using a free group representation in the modular group was developed by Baumslag, Fine and Xu, see [67] and [68]. The most successful attacks on free group cryptosystems are called length based attacks. The general idea in a length based attack is that an attacker multiplies a word in ciphertext by a generator (or its inverse) to get a shorter word, which then could possibly be decoded. We refer to [76] for more on length based attacks.

Baumslag, Fine and Xu in [67] described the following general encryption scheme 
using free group cryptography. A further enhancement was discussed in the paper [68]. 

We start with a finitely presented group

$$G = \langle X; R \rangle,$$

where $X = \{x_1, \ldots, x_n\}$, and a faithful representation

$$\rho : G \to \overline{G}.$$

$\overline{G}$ can be any one of several different kinds of objects: linear group, permutation group, power series ring, etc.

We assume that there is an algorithm to re-express an element of $\rho(G)$ in $\overline{G}$ in terms of the generators of $G$. That is, if $g = w(x_1, \ldots, x_n) \in G$, where $w$ is a word in these generators, and we are given $\rho(g) \in \overline{G}$, we can algorithmically find $g$ and its expression as the word $w(x_1, \ldots, x_n)$.

Once we have $G$, we assume that we have two free subgroups $K, H$ with

$$H \subset K \subset G.$$

We assume that we have fixed Schreier transversals for $K$ in $G$ and for $H$ in $K$, both of which are held in secret by the communicating parties Bob and Alice. Now based on the fixed Schreier transversals we have sets of Schreier generators constructed from the Reidemeister–Schreier process for $K$ and for $H$:

$$k_1, k_2, \ldots \text{ for } K \qquad \text{and} \qquad h_1, h_2, \ldots \text{ for } H.$$

Notice that the generators for $K$ will be given as words in $x_1, \ldots, x_n$, the generators of $G$, while the generators for $H$ will be given as words in the generators $k_1, k_2, \ldots$ for $K$. We note further that $H$ and $K$ may coincide and that $H$ and $K$ need not in general be free but only have a unique set of normal forms, so that the representation of an element in terms of the given Schreier generators is unique.

We will encode within $H$, or more precisely within $\rho(H)$. We assume that the number of generators for $H$ is larger than the number of characters in our plaintext alphabet. Let $A = \{a, b, c, \ldots\}$ be our plaintext alphabet. At the simplest level we choose a starting point $i$ within the generators of $H$ and encode

$$a \mapsto h_i, \quad b \mapsto h_{i+1}, \quad c \mapsto h_{i+2}, \quad \ldots$$

Suppose that Bob wants to communicate the message $w(a, b, c, \ldots)$ to Alice, where $w$ is a word in the plaintext alphabet. Recall that both Bob and Alice know the various Schreier transversals, which are kept secret between them. Bob then encodes $w(h_i, h_{i+1}, \ldots)$ and computes the element $w(\rho(h_i), \rho(h_{i+1}), \ldots)$ in $\overline{G}$, which he sends to Alice. This is sent as a matrix if $\overline{G}$ is a linear group, or as a permutation if $\overline{G}$ is a permutation group, and so on.

Alice uses the algorithm for $\overline{G}$ relative to $G$ to rewrite $w(\rho(h_i), \rho(h_{i+1}), \ldots)$ as a word $w^*(x_1, \ldots, x_n)$ in the generators of $G$. She then uses the Schreier transversal for $K$ in $G$ to rewrite $w^*$, using the Reidemeister–Schreier process, as a word $w^{**}(k_1, \ldots, k_m)$ in the generators of $K$. Since $K$ is free or has unique normal forms, this expression for the element of $K$ is unique. Once she has the word written in the generators of $K$ she uses the transversal for $H$ in $K$ to rewrite again, using the Reidemeister–Schreier process, in terms of the generators for $H$. She then has a word $w^{***}(h_i, h_{i+1}, \ldots)$ and, using the allocation $h_i \mapsto a$, $h_{i+1} \mapsto b$, $\ldots$, decodes the message.

In an actual implementation an additional random noise factor is added. This is explained in more detail below.

We now describe an implementation of this process using for the base group $\overline{G}$ the classical modular group $M = \mathrm{PSL}(2,\mathbb{Z})$. Further, this implementation uses a polyalphabetic cipher which is secure. This was introduced originally in [67] and [68].

The system in the modular group $M$ works as follows. A list of finitely generated free subgroups $H_1, \ldots, H_m$ of $M$ is public and presented by their systems of generators (presented as matrices). In a full practical implementation it is assumed that $m$ is large. For each $H_i$ we have a Schreier transversal

$$h_{1,i}, \ldots, h_{k(i),i}$$

and a corresponding ordered set of generators

$$w_{1,i}, \ldots, w_{m(i),i}$$

constructed from the Schreier transversal by the Reidemeister–Schreier process. It is assumed that each $m(i) > l$, where $l$ is the size of the plaintext alphabet, that is, each subgroup has many more generators than the size of the plaintext alphabet. Although Bob and Alice know these subgroups in terms of free group generators, what is made public are generating systems given in terms of matrices.

The subgroups on this list and their corresponding Schreier transversals can be cho- 
sen in a variety of ways. For example the commutator subgroup of the modular group is 
free of rank 2 and some of the subgroups H; can be determined from homomorphisms 
of this subgroup onto a set of finite groups. 

Suppose that Bob wants to send a message to Alice. Bob first chooses three integers $(m, q, t)$, where $m$ is the choice of the subgroup $H_m$, $q$ is the choice of the starting point among the generators of $H_m$ for the substitution of the plaintext alphabet, and $t$ is the choice of the size of the message unit.

We clarify the meanings of $q$ and $t$. Once Bob chooses $m$, to further clarify the meaning of $q$, he makes the substitution

$$a \mapsto w_{q,m}, \quad b \mapsto w_{q+1,m}, \quad \ldots$$

Again the assumption is that $m(i) > l$, so that starting almost anywhere in the sequence of generators of $H_m$ will allow this substitution. The message unit size $t$ is the number of coded letters that Bob will place into each coded integral matrix.

Once Bob has chosen $(m, q, t)$ he takes his plaintext message $w(a, b, \ldots)$ and groups it into blocks of $t$ letters. He then makes the given substitution above to form the corresponding matrices in the modular group:

$$T_1, \ldots, T_s.$$
We now introduce a random noise factor. After forming $T_1, \ldots, T_s$ Bob then multiplies on the right each $T_i$ by a random matrix in $M$, say $R_i$ (different for each $T_i$). The only restriction on this random matrix $R_i$ is that there is no free cancellation in forming the product $T_i R_i$. This can be easily checked and ensures that the freely reduced form for $T_i R_i$ is just the concatenation of the expressions for $T_i$ and $R_i$. Next he sends Alice the integral key $(m, q, t)$ by some public key method (RSA, Anshel–Anshel–Goldfeld, etc.). He then sends the message as $s$ random matrices

$$T_1 R_1, \ T_2 R_2, \ \ldots, \ T_s R_s.$$

Hence what is actually being sent out are not elements of the chosen subgroup $H_m$ but rather elements of random right cosets of $H_m$ in $M$. The purpose of sending coset elements is two-fold. The first is to hinder any geometric attack by masking the subgroup. The second is that it makes the resulting words in the modular group generators longer, effectively hindering a brute force attack.

To decode the message Alice first uses public key decryption to obtain the integral key $(m, q, t)$. She then knows the subgroup $H_m$, the ciphertext substitution from the generators of $H_m$, and how many letters $t$ each matrix encodes. She next uses the algorithms described in Section 24.2 to express each $T_i R_i$ in terms of the free group generators of $M$, say $w_i(y_1, \ldots, y_n)$. She has knowledge of the Schreier transversal, which is held secretly by Bob and Alice, so she now uses the Reidemeister–Schreier rewriting process to start expressing this freely reduced word in terms of the generators of $H_m$. The Reidemeister–Schreier rewriting is done letter by letter from left to right. Hence when she reaches $t$ of the free generators she stops. Notice that the string that she is rewriting is longer than what she needs to rewrite in order to decode, as a result of the random matrix $R_i$. This is due to the fact that she is actually rewriting not an element of the subgroup but an element in a right coset. This presents a further difficulty to an attacker. Since these are random right cosets it makes it difficult to pick up statistical patterns in the generators even if more than one message is intercepted. In practice the subgroups should be changed with each message.

The initial key $(m, q, t)$ is changed frequently. Hence, as mentioned above, this method becomes a type of polyalphabetic cipher which is difficult to decode.
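The free group cryptosystem of this section (substitution into Schreier generators, decryption by Reidemeister–Schreier rewriting) together with the block-and-noise structure of the modular group implementation above, worked through as one added example that is not code from [67] or [68]. To keep it self-contained the platform is the free group $F = F(x, y, z)$ itself, so reduced words are the concrete representation and the map $\rho$ and the "algorithm for $\overline{G}$ relative to $G$" are trivial; the secret subgroup is a single $H = \ker(F \to \mathbb{Z}_{13})$ rather than a public list $H_1, \ldots, H_m$ in $\mathrm{PSL}(2,\mathbb{Z})$, with the homomorphism fixed by the constant `IMG` (our choice). The Schreier transversal is computed by breadth-first search over the coset graph, which makes it prefix-closed, and the nontrivial Schreier generators $s_{c,g} = \overline{c}\, g\, \overline{cg}^{-1}$ are the free basis $h_1, \ldots, h_{27}$ onto which the 27-symbol alphabet is mapped. Each block of $t$ letters becomes an element $T_i \in H$, a random reduced word $R_i$ with no free cancellation against $T_i$ is appended, and the receiver rewrites $T_i R_i$ letter by letter and stops after $t$ basis letters exactly as the text describes. Names, the index 13, the noise length and the seeds are assumptions.

```python
"""Free group cryptosystem: Schreier generators, RS rewriting, right-coset noise (illustration)."""
import random
from collections import deque

GENS = "xyz"                    # free generators of F; inverses are X, Y, Z
N = 13                          # index of the secret subgroup H = ker(F -> Z_13)
IMG = {"x": 1, "y": 3, "z": 5}  # images of the generators in Z_13 (our choice)
ALPHABET = "abcdefghijklmnopqrstuvwxyz "   # 27 symbols = rank of H by Schreier's formula


def inv_letter(l):
    return l.swapcase()


def inverse(word):
    return "".join(inv_letter(l) for l in reversed(word))


def reduce(word):
    """Free reduction: cancel adjacent pairs g g^{-1}."""
    out = []
    for l in word:
        if out and out[-1] == inv_letter(l):
            out.pop()
        else:
            out.append(l)
    return "".join(out)


def act(coset, letter):
    """Right action of a letter on the right cosets H g, identified with Z_13."""
    sign = 1 if letter.islower() else -1
    return (coset + sign * IMG[letter.lower()]) % N


def coset_of(word):
    c = 0
    for l in word:
        c = act(c, l)
    return c                     # 0 exactly when word is in H (membership test)


# Schreier transversal: BFS over the coset graph gives prefix-closed representatives.
REP = {0: ""}
_queue = deque([0])
while _queue:
    _c = _queue.popleft()
    for _l in GENS + GENS.upper():
        _d = act(_c, _l)
        if _d not in REP:
            REP[_d] = REP[_c] + _l
            _queue.append(_d)

# Schreier generators s_{c,g} = rep(c) g rep(cg)^{-1}; the nontrivial ones freely generate H.
SCHREIER = {}
for _c in range(N):
    for _g in GENS:
        _s = reduce(REP[_c] + _g + inverse(REP[act(_c, _g)]))
        if _s:
            SCHREIER[(_c, _g)] = _s
BASIS = list(SCHREIER)           # fixed ordering h_1, h_2, ... of the free basis of H


def rewrite(word, limit=None):
    """Reidemeister-Schreier rewriting tau: word in x, y, z -> reduced word in the basis of H,
    as signed 1-based indices. Stops after `limit` basis letters (skips the coset noise)."""
    out, c = [], 0
    for l in word:
        if l.islower():
            key, c = (c, l), act(c, l)
            sym = BASIS.index(key) + 1 if key in SCHREIER else 0
        else:
            c = act(c, l)                          # coset c' with c' g = previous coset
            key = (c, l.lower())
            sym = -(BASIS.index(key) + 1) if key in SCHREIER else 0
        if sym:
            if out and out[-1] == -sym:
                out.pop()
            else:
                out.append(sym)
        if limit is not None and len(out) == limit:
            break
    return out


def random_word(length, rng):
    word = ""
    while len(word) < length:
        l = rng.choice(GENS + GENS.upper())
        if not (word and word[-1] == inv_letter(l)):
            word += l
    return word


def encrypt(message, t, rng):
    """Blocks of t letters -> elements T_i of H, each right-multiplied by noise R_i."""
    message += " " * (-len(message) % t)           # pad the last block with spaces
    blocks = []
    for i in range(0, len(message), t):
        word = reduce("".join(SCHREIER[BASIS[ALPHABET.index(ch)]] for ch in message[i:i + t]))
        noise = random_word(8, rng)
        while inv_letter(noise[0]) == word[-1]:    # no free cancellation in T_i R_i
            noise = random_word(8, rng)
        blocks.append(word + noise)                # an element of the right coset H R_i
    return blocks


def decrypt(blocks, t):
    """Rewrite each coset element letter by letter and stop after t basis letters."""
    out = []
    for block in blocks:
        out.extend(ALPHABET[s - 1] for s in rewrite(block, limit=t))
    return "".join(out).rstrip()
```

Because the concatenation $T_i R_i$ is freely reduced, the rewriting of a reduced word never cancels in the basis of $H$, so the first $t$ emitted basis letters are exactly the plaintext block and everything after them is the noise. The same `rewrite` function with `limit=None` is the membership and rewriting routine of the general scheme.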


24.4 Non-Abelian Digital Signature Procedure 


We present a digital signature procedure based on non-Abelian groups developed by Ko, Lee et al., see [84]. In describing this protocol we must first introduce additional group theoretic decision problems. In Section 14.7 we discussed the three basic group decision problems for a finitely presented group $G$: the word problem, the conjugacy problem, and the isomorphism problem. Recall that in a finitely presented group $G$ the conjugacy problem asks whether there exists an algorithm to decide whether or not arbitrary words $u$ and $v$ in the generators of $G$ are conjugate, that is, whether there is an $x \in G$ such that $x^{-1} u x = v$. To distinguish this from certain other decision problems using conjugacy we call this the decision conjugacy problem. For a finitely presented group $G$ the conjugator search problem is the following. Given $u, v \in G$ that we know to be conjugate, is there an algorithm to find $z \in G$ satisfying $z^{-1} u z = v$?

In the following we use the notation $u^z$ for $z^{-1} u z$.

Let $G$ be a non-Abelian group in which the conjugator search problem is infeasible and the decision conjugacy problem is solvable. Let $\{0, 1\}^*$ be the set of all finite $0, 1$ sequences and let $h : \{0, 1\}^* \to G$ be a hash function. Recall that a (cryptographic) hash function is a deterministic function $h : S \to \{0, 1\}^n$ which returns, for each arbitrary block of data, called a message, a bit string of fixed size. It should have the property that a change in the data will change the hash value.

An ideal hash function has the following properties:

(i) It is easy to compute the hash value for any given message.
(ii) It is infeasible to find a message that has a given hash value (preimage resistant).
(iii) It is infeasible to modify a message without changing its hash value (second preimage resistant).
(iv) It is infeasible to find two different messages with the same hash (collision resistant).

With these ideas here is the Ko–Lee digital signature scheme.

– Key Generation: Alice wants to sign and send a message $m$ to Bob. Alice begins by choosing two conjugate elements $u, v \in G$ with conjugator $a$, that is, $v = u^a$. The conjugate pair $(u, v)$ is public information while the conjugator $a$ is Alice's secret key.

– Signature Generation: Alice chooses an arbitrary $b \in G$ and computes $\alpha = u^b$ and $y = h(m \| \alpha)$. Then a signature $\sigma$ on the message $m$ is the triple $(\alpha, \beta, \gamma)$ where $\beta = y^b$ and $\gamma = y^{a^{-1} b}$. She sends this to Bob for verification and acceptance.

– Verification: Upon receiving the signature, Bob recomputes $y = h(m \| \alpha)$ from $m$ and $\alpha$ and checks whether or not the following hold:

(1) There exists $c_1 \in G$ such that $u = \alpha^{c_1}$.
(2) There exist $c_2, c_3 \in G$ such that $y = \beta^{c_2}$ and $y = \gamma^{c_3}$.
(3) There exists $c_4 \in G$ such that $uy = (\alpha\beta)^{c_4}$.
(4) There exists $c_5 \in G$ such that $vy = (\alpha\gamma)^{c_5}$.

Bob accepts the signature if and only if conditions (1)–(4) hold. Each check is an instance of the decision conjugacy problem, which is why that problem must be solvable in $G$.

The security of this scheme lies in the assumption that, given a pair of conjugate elements $u, v \in G$, finding elements $\alpha, \beta, \gamma$ such that (1)–(4) above hold is infeasible. If the conjugator $a$ can be found, then $(\alpha, \beta, \gamma) = (u^b, y^b, y^{a^{-1} b})$ satisfy properties (1)–(4) for any $b \in G$: indeed $\alpha\beta = (uy)^b$ and $\alpha\gamma = (vy)^{a^{-1} b}$. Hence the conjugator search problem has to be infeasible.
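The signature scheme above, run end to end as an added example that is not code from [84]. The platform is the symmetric group $S_{12}$ (permutations as tuples composed left to right, our choice), where the decision conjugacy problem is easy because two permutations are conjugate exactly when they have the same cycle type, so Bob's checks (1)–(4) are effective. The hash $h : \{0,1\}^* \to G$ is built by seeding a Fisher–Yates shuffle with the SHA-256 digest of $m \| \alpha$; that construction, the degree 12 and the seeds are assumptions. The caveat: in $S_n$ the conjugator search problem is also easy, so this platform violates the scheme's security assumption and the code demonstrates only the protocol's algebra, including why $\gamma$ must be $y^{a^{-1}b}$ for check (4) to pass.

```python
"""Ko-Lee conjugation signature in the toy platform S_12 (illustration only)."""
import hashlib
import random

N = 12                       # degree of the symmetric group S_N (our choice)
IDENTITY = tuple(range(N))


def mul(p, q):
    """Compose left to right: (p q)(i) = q(p(i))."""
    return tuple(q[i] for i in p)


def inv(p):
    r = [0] * len(p)
    for i, j in enumerate(p):
        r[j] = i
    return tuple(r)


def conj(u, z):
    """u^z = z^{-1} u z, the notation of the text."""
    return mul(mul(inv(z), u), z)


def cycle_type(p):
    seen, lengths = set(), []
    for start in range(len(p)):
        if start in seen:
            continue
        n, j = 0, start
        while j not in seen:
            seen.add(j)
            j = p[j]
            n += 1
        lengths.append(n)
    return tuple(sorted(lengths))


def are_conjugate(u, v):
    """Decision conjugacy problem in S_N: conjugate iff same cycle type."""
    return cycle_type(u) == cycle_type(v)


def h(message, alpha):
    """Hash of m || alpha into the group: SHA-256 seeds a Fisher-Yates shuffle (our construction)."""
    digest = hashlib.sha256(message.encode() + bytes(alpha)).digest()
    p = list(range(N))
    random.Random(digest).shuffle(p)
    return tuple(p)


def random_perm(rng):
    return tuple(rng.sample(range(N), N))


def keygen(rng):
    """Public key (u, v = u^a); private key a."""
    u = random_perm(rng)
    while u == IDENTITY:
        u = random_perm(rng)
    a = random_perm(rng)
    return (u, conj(u, a)), a


def sign(message, pub, a, rng):
    u, _ = pub
    b = random_perm(rng)
    alpha = conj(u, b)
    y = h(message, alpha)
    beta = conj(y, b)
    gamma = conj(y, mul(inv(a), b))            # y^{a^{-1} b}
    return alpha, beta, gamma


def verify(message, pub, sig):
    u, v = pub
    alpha, beta, gamma = sig
    y = h(message, alpha)                      # Bob recomputes y from m and alpha
    return (are_conjugate(u, alpha)                                   # (1)
            and are_conjugate(y, beta) and are_conjugate(y, gamma)    # (2)
            and are_conjugate(mul(u, y), mul(alpha, beta))            # (3)
            and are_conjugate(mul(v, y), mul(alpha, gamma)))          # (4)
```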


24.5 Password Authentication Using Combinatorial Group Theory 


Closely related to digital signatures is the problem of secure password authentication. 
With the increased use of online credit card transactions there is at present more than 
ever a need for secure password identification. For many online purchases, this is be- 
ing carried out by a challenge response system accompanying the password. In the sim- 
plest systems this takes the form of secondary password questions such as the user’s 
mother’s maiden name or place of birth. There are inherent difficulties with these types 
of challenge response systems. First of all there is the trivial problem of the users re- 
membering their responses. More critical is the problem that this type of information 
for many people is readily available and easily found or guessed by would-be attackers 
or eavesdroppers. 

Challenge response systems are also subject to man-in-the-middle attacks and re- 
play attacks. In this section we present an alternative method for challenge response 
password authentication using combinatorial group theory. In particular this method 
depends upon the difficulty of solving the word problem within a given finitely pre- 
sented group without knowing the presentation and the difficulty of solving systems of 
equations within free groups. This latter problem has been proved to be NP-hard. 

These group theoretic techniques have several major advantages over other chal- 
lenge response systems. We will call the password presenter, the prover, and the pass- 
word presentee, the verifier. The methods we present can be used for two-way authen- 
tication, that is to both verify the prover to the verifier and to verify the verifier to the 
prover. To each user in conjunction with a standard password there will be assigned a 
finitely presented group with a solvable word problem. We call this the challenge group. 
This will be done randomly by the group randomizer system and will be held in secret 
by the prover and the verifier. 

Cryptographically, we assume the adversary can steal the encrypted form of the 
group theoretic responses. Probabilistically this does not present a problem. Each chal- 
lenge response set of questions forms a virtual one time key pad as we will explain. 
Therefore the adversary must steal three things: the original password, the challenge 
group and the group randomizer. Hence there is almost total security in the challenge 
response system. 

Further there is an infinite supply of finitely presented groups to use as challenge 
groups and an infinite supply of challenge response questions that never have to be 
duplicated. We will explain these in the section on this protocol’s security. Finally the 
method is symmetric between the verifier and the prover, so while the verifier verifies 
the prover’s password simultaneously the prover verifies that he or she is dealing with 
the verifier. 

The theoretical security of the system is provided by several results in asymptotic 
group theory which we discuss in Section 24.6. In particular, a result of Lysenok and 
Myasnikov, see [91], implies that stealing the challenge group is NP-hard while a result 
of Jitsukawa, see [81], says that the asymptotic density of using homomorphisms to attack 
the group randomizer protocol is zero. 

The whole password protocol depends upon the group randomizer system. This is 
a computer program that can handle several elementary tasks involving finitely pre- 
sented groups. The scope of the particular group randomizer system will depend on 
the type of login protocol or cryptographic protocol desired. At the most basic level the 
group randomizer system has the ability to do the following things: 

1. To recognize a finite presentation of a finitely presented group with a solvable word problem and manipulate arbitrary words in the alphabet of generators according to the rewriting rules of the presentation. In particular, if the group has a normal form for each element, the group randomizer can rewrite an arbitrary word in the generators in terms of its group normal form.

2. Given a finite presentation of a group with a solvable word problem, to recognize whether two free group words have the same value in the given group when considered in terms of the given generators of the group.

3. To randomly generate free group words on an alphabet of any finite size.

4. To recognize and store sets of free group words $w_1, \ldots, w_k$ on an alphabet $x_1, \ldots, x_n$, and rewrite words $w(w_1, \ldots, w_k)$ as the corresponding word in $x_1, \ldots, x_n$.

5. Given a free group $F$ of finite rank on $x_1, \ldots, x_n$ and a set of words $w_1, \ldots, w_k$ on the alphabet $x_1, \ldots, x_n$, to solve the membership problem in $F$ relative to $H = \langle w_1, \ldots, w_k \rangle$, the subgroup of $F$ generated by $w_1, \ldots, w_k$.

6. Given a stored finitely presented group or a stored set of free group words, the randomizer can accept a random free group word and rewrite it as a normal form in the finitely presented group in the former case or as a word in the ambient free group in the latter case.


We now present several variations on secure password authentication using the group 
randomizer. First we give an overall outline of the protocol. 


24.5.1 General Outline of the Authentication Protocol 


This is a symmetric key cryptographic authentication protocol. Both the prover and ver- 
ifier use a single private key to both encrypt and decrypt within the authentication pro- 
cess. At the first step the prover and verifier must communicate directly, either face-to- 
face or by a public key method, to set the private shared secret. This is the model now 
used for most password/password back-up schemes. We assume that both the prover 
and verifier have a group randomizer system. For security analysis we assume that an 
adversary or eavesdropper has access to the encrypted form of the transmission but is 
passive in that the adversary will not change any transmissions. 

1. The prover and verifier communicate directly to set up a common shared secret 
(P,G) where P is a standard password and G is a challenge group. Each prover’s 
challenge group is unique to that prover. The challenge group is a finitely presented 
group with a solvable word problem and satisfying the strong generic free group 
property which we discuss in Section 24.6. The password is chosen by the prover 
while the challenge group is randomly chosen by the group randomizer system. 

2. The prover presents the password to the verifier. The group randomizer of the ver- 
ifier presents a group theoretic “question” concerning the challenge group G to the 
prover. The assumption is that this “question” is difficult in the sense that it is in- 
feasible to answer it if the group G is unknown. The question is then answered by 
the group randomizer. This is repeated a finite number of times. If the answers are 
correct, the prover (and the password) is verified. 

3. The protocol is then repeated from the viewpoint of the prover, authenticating the 
verifier to the prover. 


24.5.2 Free Subgroup Method 


We assume that both the prover and the verifier have a group randomizer. Each prover has a standard password. Suppose that $F$ is a free group on $\{x_1, \ldots, x_n\}$. The prover's password is linked to a finitely generated subgroup of a free group given as words in the generators, that is, the prover's password is linked to $w_1, \ldots, w_k$ where each $w_i$ is a word in $x_1, \ldots, x_n$. The group $G = \langle w_1, \ldots, w_k \rangle$ is called the challenge group. In general we have $k \ne n$. The prover does not need to know the generators. The randomizer can randomly choose words from this subgroup and then freely reduce them. The prover has the challenge group or subgroup also stored in its randomizer.
The prover submits his or her standard password to the verifier. This activates the verifier's randomizer to the prover's set of words. The verifier now submits a random free group word on $y_1, \ldots, y_k$ to the prover's randomizer, say $w(y_1, \ldots, y_k)$. The prover's randomizer treats this as $w(w_1, \ldots, w_k)$, reduces it in terms of the free group generators $x_1, \ldots, x_n$, and rewrites it as $w^*(x_1, \ldots, x_n)$. The verifier checks that this is correct, that is, $w(w_1, \ldots, w_k) = w^*(x_1, \ldots, x_n)$ in the free group on $x_1, \ldots, x_n$. If it is, the verifier continues and does this three (or some other finite number of) times. There is one proviso. The verifier submits a word to the prover only once, so that a submitted word can never be reused. The prover's randomizer will recognize if it has been (this is a verification to the prover of the verifier).

To verify that the verifier is legitimate, the process is repeated from the prover’s 
randomizer to the verifier. 

An attacker only has access to the transmitted words. Given a series of free group 
words there is essentially zero probability of reconstructing the subgroup. To prevent an 
attacker using an already used word to gain access, the group randomizer system allows 
a free group word, submitted as a challenge word, to be used only once. If an attacker 
gets access to the verifier and submits an already submitted word, or vice versa from the 
prover, this will red flag the attempt. We also suggest that if there is a previously used 
word, indicating perhaps an attack, the group randomizer should change the prover's 
group. The beauty of this system is that this can be done extremely easily; change several 
of the words, for example. Essentially this presents a one-time pad each 
time the prover presents the password. The map $y_i \mapsto w_i$ is a homomorphism and an 
attacker can manipulate various equations in an attempt to solve. Presumably, if there 
are enough equations, the words $w_1,\dots,w_k$ can be discovered. However, in Section 24.6 
we present a security proof based on several results in asymptotic group theory showing 
that this cannot happen with asymptotic density one. 

We suggest a noise/diffusion enhancement. The prover's challenge group generator 
words $w_1,\dots,w_k$ are indexed. With each use the randomizer applies a random permutation 
$\phi$ on $\{1,\dots,k\}$ to scramble the indices. These permutations are coded and stored 
both in the prover's randomizer and the verifier's one. This prevents a length based 
attack by an eavesdropper since discovering, for example, what $w_{37}$ is, is of no use since 
it will be indexed differently for the next use. The coded permutation is sent as part of 
the challenge. 
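The free subgroup exchange described above, together with the one-time rule for challenge words and the index permutation, as an added worked example in Python. This is example code written for this edition, not the authors' group randomizer software; the word encoding (signed integers), the sample challenge group, the random challenge lengths and the class names are assumptions of the example.

```python
import random

# Words in the free group F(x_1,...,x_n) are lists of nonzero ints: +i is x_i, -i is x_i^-1
# (encoding assumed for this example).

def free_reduce(word):
    """Cancel adjacent inverse pairs x_i x_i^-1 until none remain."""
    out = []
    for g in word:
        if out and out[-1] == -g:
            out.pop()
        else:
            out.append(g)
    return out

def invert(word):
    return [-g for g in reversed(word)]

def substitute(challenge, subgroup_words):
    """Read w(y_1,...,y_k) as w(w_1,...,w_k) and return w*(x_1,...,x_n), freely reduced."""
    out = []
    for g in challenge:
        w = subgroup_words[abs(g) - 1]
        out.extend(w if g > 0 else invert(w))
    return free_reduce(out)

def random_reduced_word(rank, length, rng):
    """Random freely reduced word of the given length on `rank` generators."""
    letters = [s * i for i in range(1, rank + 1) for s in (1, -1)]
    word = []
    while len(word) < length:
        g = rng.choice(letters)
        if not (word and word[-1] == -g):
            word.append(g)
    return word

class Randomizer:
    """A party's group randomizer: stores the challenge group w_1,...,w_k and every
    challenge word it has already answered, so a reused word is refused."""
    def __init__(self, subgroup_words):
        self.words = [free_reduce(w) for w in subgroup_words]
        self.k = len(self.words)
        self.seen = set()

    def respond(self, perm, challenge):
        """Answer w(y_1..y_k); perm[i] names the stored word that plays y_{i+1} this time.
        Returns None for a previously used challenge word (the red flag in the text)."""
        key = tuple(challenge)
        if key in self.seen:
            return None
        self.seen.add(key)
        scrambled = [self.words[perm[i]] for i in range(self.k)]
        return substitute(challenge, scrambled)

class Verifier:
    """Keeps its own copy of the challenge group and never sends a word twice."""
    def __init__(self, subgroup_words, rng):
        self.own = Randomizer(subgroup_words)
        self.rng = rng

    def fresh_challenge(self):
        while True:
            perm = list(range(self.own.k))
            self.rng.shuffle(perm)                        # the coded permutation
            w = random_reduced_word(self.own.k, self.rng.randint(6, 10), self.rng)
            if tuple(w) not in self.own.seen:
                return perm, w

    def authenticate(self, prover, rounds=3):
        """Run `rounds` challenge/response exchanges; True only if every answer matches."""
        for _ in range(rounds):
            perm, w = self.fresh_challenge()
            expected = self.own.respond(perm, w)          # also marks w as used here
            answer = prover.respond(perm, w)
            if answer is None or answer != expected:
                return False
        return True

# Constructed sample challenge group in F(x_1, x_2): w_1 = x1 x2 x1^-1, w_2 = x2^2, w_3 = x1^3 x2.
CHALLENGE_GROUP = [[1, 2, -1], [2, 2], [1, 1, 1, 2]]

def demo(seed=7):
    """Honest login succeeds; replaying any captured challenge word is refused."""
    rng = random.Random(seed)
    verifier = Verifier(CHALLENGE_GROUP, rng)
    prover = Randomizer(CHALLENGE_GROUP)
    ok = verifier.authenticate(prover)
    captured = list(next(iter(prover.seen)))
    refused = prover.respond(list(range(3)), captured) is None
    return ok, refused

if __name__ == "__main__":
    print(demo())
```

The verifier's copy of the challenge group plays the role of the verifier's randomizer; a prover holding a different subgroup produces a different reduced word for the same challenge, and any word seen before is refused rather than answered, which is the one-time rule the text relies on.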


24.5.3 General Finitely Presented Group Method 


This is essentially the same method; however, rather than working with an ambient free 
group we work with a given finitely presented group with a solvable word problem. Let 
$G = \langle X; R\rangle$ be the group. As before we assume that both the prover and the verifier have a 
group randomizer. Each prover has a standard password. Suppose that $X = \{x_1,\dots,x_n\}$ 
and F is the free group on $\{x_1,\dots,x_n\}$. The prover's password is linked to a finitely generated 
subgroup of G again given as words in the generators X, that is, the prover's 
password is linked to $w_1,\dots,w_k$ where each $w_i$ is a word in $x_1,\dots,x_n$. As before, we let 
$k \neq n$. The randomizer can randomly choose words from this subgroup and then reduce 
them via the finite presentation. The verifier has the group and subgroup also stored in 
its randomizer. 

The remainder of the procedure is exactly the same as in the free group case. The 
prover submits his or her standard password to the verifier. This activates the verifier's 
randomizer to the prover's set of words. The verifier now submits a random free group 
word on $y_1,\dots,y_k$ to the prover's randomizer, say $w(y_1,\dots,y_k)$. The prover's randomizer 
treats this as $w(w_1,\dots,w_k)$ and rewrites it as $w^*(x_1,\dots,x_n)$. The verifier checks that this 
is correct, that is, $w(w_1,\dots,w_k) = w^*(x_1,\dots,x_n)$, however this time in the group G. If it is, 
the verifier continues and does this three (or some other finite number of) times. There 
is one proviso. The verifier submits a word to the prover only once so that a submitted 
word can never be reused. The prover's randomizer will recognize if it has (this is a 
verification to the prover of the verifier). 

To verify that the verifier is legitimate, the process is repeated from the prover’s 
randomizer to the verifier. 

As in the free group method, an attacker only has access to the transmitted words. 
Given a series of group words there is zero probability of reconstructing the group, how- 
ever, as in the free group method a given challenge response word is to be used only 
once. 


24.6 The Strong Generic Free Group Property 


Part of the theoretical security of the group randomizer protocols depends on the 
strong generic free group property and asymptotic density. Asymptotic density is a general 
method to compute densities and/or probabilities on infinite discrete sets where 
each individual outcome is tacitly assumed to be equally likely. The origin of asymptotic 
density lies in the attempt to compute probabilities on the whole set of integers where 
each integer is considered equally likely. The method can also be used where some 
probability distribution is assumed on the elements. It has been effectively applied to 
determining densities within infinite finitely generated groups where random elements 
are considered as being generated from random walks on the Cayley graph of the group. 
The paper [70] by Borovik, Myasnikov and Shpilrain provides a good general description 
of the probability method in group theory. Let P be a group property and let G be 
a finitely generated group. We want to determine the measure of the set of elements 
which satisfy P. For each positive integer n let $B_n$ denote the n-ball in G. Let $|B_n|$ denote 
the actual size of $B_n$ (which is an integer since G is finitely generated) or the measure of 
$B_n$ if a distribution has been placed on the elements of G. Let S be the set of elements 
in G satisfying P. The asymptotic density of S is then 

provided this limit exists. We say that the property P is generic if the asymptotic density 
of the set S of elements satisfying P equals 1. 

This concept can be easily extended to properties of finitely generated subgroups. 
We consider the asymptotic density of finite sets of elements that generate subgroups 
that have a considered property. For example, to say that a group has the generic free 
group property we mean that 

$$\lim_{n\to\infty} \frac{|S_m \cap B_{m,n}|}{|B_{m,n}|} = 1$$

where $S_m$ is the collection of finite sets of elements of size m that generate a free subgroup 
while $B_{m,n}$ are all the m-element subsets within the n-ball. We refer to the paper 
[70] and the book [93] for terminology and further definitions. 

We say that a group G has the generic free group property if a finitely generated subgroup 
is generically a free group. For example, a result by Epstein, see [25], says that the 
group $GL(n, \mathbb{R})$ satisfies the generic free group property. A group G has the strong generic 
free group property if, given randomly chosen elements $g_1,\dots,g_m$ in G, then generically 
they are a free basis for the free subgroup they generate. Jitsukawa, see [81], proved 
that free groups have the strong generic free group property. That is, given k random 
elements $w_1,\dots,w_k$ in the free group on $y_1,\dots,y_m$, then with asymptotic density one the 
elements $w_1,\dots,w_k$ are a free basis for the subgroup they generate. We compare this 
with the Nielsen–Schreier theorem that says that $w_1,\dots,w_k$ generate a free group. In 
the context of the group randomizer protocols, the strong generic free group property 
implies that if $v_1(y_1,\dots,y_m),\dots,v_k(y_1,\dots,y_m)$ have already been presented as challenge 
words then the probability is approximately zero that a new challenge word $v(y_1,\dots,y_m)$ 
lies in the subgroup generated by $v_1,\dots,v_k$, and hence a homomorphism attack is nullified. 

The strong generic free group property has been extended to many classes of groups 
including surface groups by Fine, Myasnikov and Rosenberger, see [29]. Let us mention 
some further results. Gilman, Myasnikov and Osin, see [77], showed that torsion-free 
hyperbolic groups have the generic free group property. Myasnikov and Ushakov, see 
[94], showed that pure braid groups $P_n$ with $n \geq 3$ also have the strong generic free 
group property. We will show that all Fuchsian groups of finite co-volume and all braid 
groups $B_n$ with $n \geq 3$ have the strong generic free group property. 

Extremely useful in proving that a group has the generic or strong generic free 
group property is the following, see Exercise 6. 


Theorem 24.6.1. Let G be a group and N a normal subgroup. If the quotient G/N satisfies 
the strong generic free group property then G also satisfies the strong generic free group 
property. 

Corollary 24.6.2. Any orientable surface group 

of genus $g \geq 2$ and any nonorientable surface group 

$$\langle a_1,\dots,a_g;\ a_1^2 a_2^2 \cdots a_g^2 = 1\rangle$$

of genus $g \geq 4$ satisfies the strong generic free group property. 


In general, asymptotic density is not independent of finite generating systems. Indeed, 
it is possible for a group property to be generic with respect to one finite generating 
system and negligible with respect to another, see [32]. We call a group property P suitable 
for a finitely generated group G if it is preserved under isomorphisms and its asymptotic 
density is independent of finite generating systems, and supersuitable for G if it is 
suitable both for G and for all subgroups of finite index in G. It is clear that the strong generic 
free group property is suitable in any group G which has a non-Abelian free quotient. 


Corollary 24.6.3. The strong generic free group property is suitable in any finitely gener- 
ated group G which has a non-Abelian free quotient. 


We remark that in a strong generic free group the conjugacy problem and the root 
extraction problem are generic problems. 

In [23] it was shown that there is an interesting connection between the strong 
generic free group property of a group G and its subgroups of finite index. The main 
result of that paper is that a finitely generated group which has a non-Abelian free quotient 
satisfies the strong generic free group property if and only if each subgroup of finite 
index satisfies the strong generic free group property. As a consequence of this and Theorem 
24.6.4, it follows that many important classes of groups, such as finitely generated 
Fuchsian groups with finite co-volume and the braid groups $B_n$ for $n \geq 3$, satisfy the 
strong generic free group property. 


Theorem 24.6.4 (Inheritance Theorem). Let G be a finitely generated group and $H \subset G$ a 
subgroup of finite index $[G : H] = n < \infty$. Let P be the strong generic free group property. 
Then: 

1. If P is a suitable and generic property in H then it is also suitable and generic in G. 
2. If P is a suitable and generic property in G then it is also suitable and generic in H. 


Proof. Let X be a finite generating system for G. As X is finite, it follows that H is finitely 
generated, and H has finite index in G. Let Y be a finite generating system for H. Let P 
be the strong generic free group property and suppose that P is a suitable and generic 
property in H. Let $S_m$ be the collection of m-element subsets that generate a free subgroup 
of G. 



Let $B_k(G)$ be the ball of radius k in the Cayley graph of G (with respect to X). Since 
H is a subgroup of finite index n in G, there exists a complete system of representatives 
$a_1,\dots,a_n \in G$ for the left cosets of H in G. We consider the elements of H as vertices in 
the Cayley graph of G. Let $B_k(H)$ be the set of vertices in $B_k(G)$ which belong to H. For all i 
let $a_iB_k(H)$ denote the displaced $B_k(H)$ around the representative $a_i$ in the Cayley graph 
of G, that is, the set of all elements of the form $a_ih$, where $h \in H$ is of length $\leq k$. Define 
$B'_k(H) = \bigcup_i a_iB_k(H)$ as the (disjoint) union of these $a_iB_k(H)$. We have $|B'_k(H)| = n\cdot|B_k(H)|$, 
since the cosets $a_iH$, and with them the $a_iB_k(H)$, are pairwise disjoint. Let $t \in \mathbb{N}$ be 
the length of the longest geodesic in the Cayley graph of G from the identity element 1 to 
one of the representatives $a_i$. With this t we have 

$$B'_{k-t}(H) \subset B_k(G) \subset B'_{k+t}(H). \tag{1}$$

Now let $B_{m,k}(G)$ and $a_iB_{m,k}(H)$ be the collection of m-element subsets within $B_k(G)$ and 
$a_iB_k(H)$, respectively, for $i = 1,\dots,n$. Let A be any m-element subset within $B_k(G)$. Then 
A splits into the disjoint union $\bigcup_{i=1}^n A_i$ of $m_i$-element subsets $A_i$ within $a_iB_{m_i,k}(H)$ for $i = 
1,\dots,n$ and we have $0 \leq m_i \leq m$ for all i (some of the $m_i$ may be zero). 

In this sense, if we define $B'_{m,k}(H) = \bigcup_{i=1}^n a_iB_{m_i,k}(H)$, $m = m_1 + \dots + m_n$, then we get 
the inclusions 

$$B'_{m,k-t}(H) \subset B_{m,k}(G) \subset B'_{m,k+t}(H). \tag{1'}$$

Here, we consider a disjoint union $\bigcup_{i=1}^n A_i$ of $m_i$-element subsets $A_i$ in $a_iB_{k-t}(H)$ with 
$m_1 + \dots + m_n = m$ as an m-element subset of $B_k(G)$. If A is a free generating system for a 
free subgroup of G, then each $A_i$ is a free generating system for a free subgroup of G. 
Then intersecting with $S_m$ leads to 

$$S_m \cap B'_{m,k-t}(H) \subset S_m \cap B_{m,k}(G) \subset S_m \cap B'_{m,k+t}(H). \tag{2}$$

On the other hand, if some $A_i \subset a_iB_k(H)$ contains a subset which generates a free subgroup 
of G, then also $A'_i = a_ja_i^{-1}A_i \subset a_jB_k(H)$ contains a subset which generates a free 
subgroup of G. More concretely, if $A_i$ freely generates a free subgroup of rank p, then 
$\langle A'_i\rangle$ has a p-element generating system which contains a basis for a free subgroup of rank at 
least $p - 1$. 

This shows that for k large enough the sets $S_m \cap a_iB_{m,k}(H)$ are of the same order of 
magnitude in m. Applying this we get approximately the equality 

$$\frac{|S_m \cap B'_{m,k}(H)|}{|B'_{m,k}(H)|} \approx \frac{|S_m \cap B_{m,k}(H)|}{|B_{m,k}(H)|} \tag{3}$$

for k and m large enough. 

Assume that P holds and is suitable in H. Then there exists a constant integer $s > 0$ 
such that the length of each $y \in Y$ written as a word in X is less than s. Therefore the 
fraction on the right hand side of (3) converges to 1 as $k \to \infty$ and $m \to \infty$. Therefore 

$$\lim_{m,k\to\infty} \frac{|S_m \cap B_{m,k}(G)|}{|B_{m,k}(G)|} = 1$$

from the inclusions (1') and (2), completing the proof of (1). The proof for (2) follows in 
an entirely analogous manner. 


As mentioned above if a finitely generated group G has a non-Abelian free quotient 
then the strong generic free group property holds in G and is suitable. Therefore we 
have the following corollary. 


Corollary 24.6.5. Let G be a finitely generated group and $H \subset G$ a subgroup of finite index. 
Assume that both G and H have non-Abelian free quotients. Then G has the strong generic 
free group property if and only if H has the strong generic free group property. 


We now show the strong generic free group property for braid groups. 

Theorem 24.6.6. The braid group $B_n$, $n \geq 3$, has the strong generic free group property. 


Proof. Denote by $\sigma_{i,i+1}$ the transposition $(i, i+1)$ in the symmetric group $S_n$. The map 
$\sigma_i \mapsto \sigma_{i,i+1}$, $i = 1,\dots,n-1$, defines a canonical epimorphism $\pi: B_n \to S_n$. The kernel 
of $\pi$ is a subgroup of index $n!$ in $B_n$, called the pure braid group $PB_n$. The group $PB_n$, 
$n \geq 3$, maps onto the group $PB_3$, and the group $PB_3$ is isomorphic to $F_2 \times \mathbb{Z}$, where $F_2$ is 
the free group of rank 2. Hence, $PB_n$, $n \geq 3$, maps onto $F_2$. Now, the result follows from 
Corollary 24.6.3 and the Inheritance Theorem 24.6.4. 


Corollary 24.6.7. The root extraction problem is a generic problem in $B_n$, $n \geq 3$. 


We now describe an authentication scheme based on the root extraction problem 
as given in [88]. Let $B_n$, $n \geq 3$, be the braid group generated by $\sigma_1,\dots,\sigma_{n-1}$ with n even. 
Write $LB_n$ for the subgroup generated by $\sigma_1,\dots,\sigma_{n/2-1}$ and $UB_n$ for the subgroup generated 
by $\sigma_{n/2+1},\dots,\sigma_{n-1}$. 

Alice chooses two integers $r, s \geq 2$, and two elements $a \in LB_n$ and $c \in B_n$. Then 
$B_n$, $LB_n$, $UB_n$, $X = a^r c a^s$, c, r, s are public and a is secret. The authentication is as follows. 
Bob chooses an element $b \in UB_n$, and sends to Alice $Y = b^r c b^s$. Alice computes $Z = a^r Y a^s$ 
and sends it to Bob. Finally, Bob verifies that $Z = b^r X b^s$. The security is based on finding 
a root x in $B_n$ when $x^m$, $m \geq 2$, is given. 

In the protocol a secret braid x is chosen at random, and the braid y = x” is made 
public. Hence, we are dealing with braids for which an mth root is known to exist. This 
means generically we may find the mth root of y very fast. The interest of braid groups 
for cryptography has decreased due to the appearance of algorithms which solve, for 
instance, the conjugacy problem and the root extraction problem, fast in the generic 
case. The main problem with the cryptographic protocols based on braid groups turns 
out to be the key generation. 

Public and secret keys are so far chosen at random, and this implies often that the 
protocols are insecure against algorithms which have generically a fast complexity. The 
importance and the future of braid groups cryptography depends on finding a suitable 
key generation procedure, or in popular words, in finding so-called suitable black holes. 
Another promising possibility is to look for nongeneric properties of braid groups which 
could be used for cryptographic protocols. 


24.6.1 Security Analysis of the Group Randomizer Protocols 


In order to analyze the security of the group randomizer password protocols, we make 
the security assumption that an adversary has access to the coded group theoretic responses. 
The strengths of the proposed protocol include that an attacker must steal three 
things: the original password, the group randomizer and the challenge group. There is 
no access without all three. This immediately nullifies man-in-the-middle attacks. If the adversary 
pretends to be the verifier to obtain the group words, the attack is thwarted by the 
fact that the prover can verify the verifier; further, if the attacker just transmits from 
the middle, nothing can be stolen since each time through a new challenge word must 
be used. Further, the group randomizer has an infinite supply of both subgroups and 
challenge responses that are chosen randomly. In addition, since a challenge word can 
be used only once, the protocol nullifies replay attacks. Since challenge responses are 
machine to machine there is essentially zero probability of an incorrect response. The 
protocol shuts down with an incorrect response and hence repeat attacks are harmless. 

These are in distinction to answer-driven challenge-response systems where a 
prover often forgets or misspells a response. In these systems a prover is usually per- 
mitted several opportunities to answer making it susceptible to both man-in-the-middle 
and repeat attacks. 

There are two theoretical attacks that must be dealt with. Relative to these the se- 
curity of the system, and hence a security proof for the protocol, is provided by several 
results in asymptotic group theory. 

The most straightforward attack is for the adversary to collect enough challenge 
words and responses. This provides a system of equations in a free group (or a finitely 
presented group) 

$$v_i(y_1,\dots,y_k) = w_i(x_1,\dots,x_n), \quad i = 1,\dots,m.$$

An adversary can then break the protocol by solving the system 

$$z_i = w_i(x_1,\dots,x_n)$$

to obtain the challenge group. 
However, a result by Lysenok and Myasnikov, see [91], shows that solving such systems 
of equations in free groups (and in most finitely presented groups) is NP-hard. 
Hence this method of attack is impractical in most cases. 

A second method of attack is based on the following. The mapping $y_i \mapsto w_i$ is a homomorphism. 
If a challenge word appears in the subgroup generated by previous challenge 
words then an attacker can use this to answer a challenge without ever solving for 
the challenge group. However, the probability of succeeding with this approach is essentially 
zero due to Jitsukawa's result mentioned in the previous section. Each challenge 
word lies in a free group which has the strong generic free group property. Hence, as explained 
in the previous section, the probability is essentially zero that a new challenge 
word is in the subgroup generated by previous challenge words. 
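An added example (not from the book or the cited papers) of how a randomizer can check the condition this paragraph and Section 24.6 rely on: it builds the Stallings folded graph of the subgroup generated by the previous challenge words, tests whether a new word lies in that subgroup, and estimates by sampling how rarely that happens for random words. The signed-integer word encoding, the sample subgroup and the sampling parameters are assumptions of the example; the membership test is the standard folding algorithm, which the text itself does not describe.

```python
import random

# Free group words: lists of nonzero ints, +i = x_i, -i = x_i^-1 (encoding assumed here).

def free_reduce(word):
    out = []
    for g in word:
        if out and out[-1] == -g:
            out.pop()
        else:
            out.append(g)
    return out

def subgroup_graph(words):
    """Stallings graph of H = <words>: one loop per word at base vertex 0, then fold
    until no vertex has two equal-labelled edges in the same direction.
    Returns (base, transitions) with transitions[(vertex, +-i)] = next vertex."""
    edges, fresh = [], 1                 # edges are (u, i, v) meaning u --x_i--> v
    for w in words:
        w, u = free_reduce(w), 0
        for idx, g in enumerate(w):
            last = idx == len(w) - 1
            v = 0 if last else fresh
            fresh += 0 if last else 1
            edges.append((u, g, v) if g > 0 else (v, -g, u))
            u = v
    parent = list(range(fresh))

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    changed = True
    while changed:                       # folding = union-find on vertices
        changed = False
        out, inc = {}, {}
        for (u, lab, v) in edges:
            for table, key, other in ((out, (find(u), lab), v), (inc, (find(v), lab), u)):
                if key in table:
                    a, b = find(table[key]), find(other)
                    if a != b:
                        parent[a] = b
                        changed = True
                table[key] = other
    trans = {}
    for (u, lab, v) in edges:
        trans[(find(u), lab)] = find(v)
        trans[(find(v), -lab)] = find(u)
    return find(0), trans

def in_subgroup(word, graph):
    """A reduced word lies in H iff it traces a closed path from the base vertex."""
    base, trans = graph
    v = base
    for g in free_reduce(word):
        v = trans.get((v, g))
        if v is None:
            return False
    return v == base

def random_reduced_word(rank, length, rng):
    letters = [s * i for i in range(1, rank + 1) for s in (1, -1)]
    word = []
    while len(word) < length:
        g = rng.choice(letters)
        if not (word and word[-1] == -g):
            word.append(g)
    return word

def fraction_in_previous(trials=2000, rank=2, length=8, previous=2, seed=1):
    """Monte Carlo estimate: how often does a fresh random challenge word already lie in
    the subgroup generated by `previous` earlier random challenge words?"""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        graph = subgroup_graph([random_reduced_word(rank, length, rng) for _ in range(previous)])
        hits += in_subgroup(random_reduced_word(rank, length, rng), graph)
    return hits / trials

# Constructed sample: H = <x1 x2 x1^-1, x2^2> in F(x1, x2); x2 itself is not in H.
SAMPLE_H = subgroup_graph([[1, 2, -1], [2, 2]])
```

A verifier that keeps the folded graph of the challenge words it has sent can refuse to send a new word that lies in their subgroup, so the homomorphism shortcut is never available even in the rare case it would apply; the sampled fraction shows how rare that case already is for short random words.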


24.6.2 Implementation of a Group Randomizer System Protocol 


The actual implementation of a workable group randomizer system protocol involves 
several choices of parameters and subprograms. These include the following choices. 

1. The choice of the rank of the ambient free group in the group randomizer systems 
A and B. 

2. An enhancement program which takes randomly chosen words $w_1,\dots,w_k$ in a free 
group F and finds a new set of words $v_1,\dots,v_k$ generating the same subgroup for 
which the words formed in $v_1,\dots,v_k$ have a great deal of free cancellation. This 
involves Nielsen transformations, see Section 14.3. 

3. The choice of parameter sizes for the lengths of the randomly chosen words. In an 
actual implementation all words in the generators will have lengths between a and 
b where a and b are to be determined. All words used as test logins will have lengths 
between c and d with c and d to be determined. 
The determination of the optimal values of a, b, c, d is being studied. 

4. The implementation of a coded permutation system on $\{1,\dots,k\}$ where k is the rank 
of the challenge group and which can be sent with each challenge word. 

5. The development of an automatic reset protocol for the challenge group. In an ideal 
situation this can be done without actually communicating the changes between 
verifier and prover. That is, each randomizer system does the same protocol automatically 
when reset is called for. 


24.7 A Secret Sharing Scheme Using Combinatorial Group Theory 


Recall that the secret sharing problem is the following. We have a secret K and a group of 
n participants. This group is called the access control group. A dealer allocates shares to 
each participant under given conditions. If a sufficient number of participants combine 
their shares then the secret can be recovered. If $t < n$ then a (t, n)-threshold scheme 
is one with n total participants in which any t participants can combine their 
shares to recover the secret but no fewer than t can. The number t is called the threshold. 
The scheme is called a secure secret sharing scheme if, given fewer shares than the 
threshold, there is no chance to recover the secret. 

Panagopoulos, see [96], devised a secret sharing scheme based on the word problem 
in finitely presented groups. It is a (t, n)-threshold scheme and its main advantage over 
many other secret sharing schemes is that it does not require the secret message to be determined 
before each individual person receives his share of the secret. For this scheme 
it is assumed that the secret is given in the form of a binary sequence. The scheme is as 
follows. 

1. A finitely presented group $G = \langle x_1, x_2, \dots, x_q;\ r_1 = \dots = r_m = 1\rangle$ is chosen. It is 
assumed that the word problem is solvable for the presentation and that $m = \binom{n}{t-1}$. 

2. Let $A_1,\dots,A_m$ be an enumeration of the subsets of $\{1,\dots,n\}$ with $t-1$ elements. 
Define n subsets $R_1,\dots,R_n$ of $\{r_1,\dots,r_m\}$ such that $r_j \in R_i$ if and only if $i \notin A_j$ for 
$i = 1,\dots,n$ and $j = 1,\dots,m$. Then for every $j \in \{1,\dots,m\}$, the word $r_j$ is not contained 
in exactly $t-1$ of the subsets $R_1,\dots,R_n$. It follows that $r_j$ is contained in any union 
of t of them, whereas if we take any $t-1$ of the sets $R_1,\dots,R_n$, there exists an index j 
such that $r_j$ is not contained in their union. 

3. Distribute to each of the n persons one of the sets $R_1,\dots,R_n$. The set $\{x_1,\dots,x_q\}$ is 
known to all participants. 

4. If the binary sequence to be distributed is $a_1,\dots,a_k$, construct and distribute a sequence 
of elements $w_1,\dots,w_k$ of G such that we have $w_i = 1$ in G if and only if 
$a_i = 1$ for $i = 1,\dots,k$. The word $w_i$ must involve most of the relations $r_1 = 1,\dots, 
r_m = 1$ if $w_i = 1$. Furthermore, all of the relations must be used at some point in the 
construction of some element. 


Then any t of the n persons can obtain the sequence $a_1,\dots,a_k$ by taking the union of 
the subsets of the relations of G that they possess. Thus they obtain the presentation 
$G = \langle x_1, x_2, \dots, x_q;\ r_1 = \dots = r_m = 1\rangle$ and can solve the word problem $w_i = 1$ in G for 
$i = 1,\dots,k$. A collection of fewer than t persons cannot decode the message correctly, 
since the union of fewer than t of the sets $R_1,\dots,R_n$ contains some but not all of the 
relations $r_1,\dots,r_m$. 
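Steps 1 to 4 above, as an added Python example written for this edition (not Panagopoulos' own code). It assumes a toy platform, the free product of m copies of $\mathbb{Z}_2$ with presentation $\langle x_1,\dots,x_m;\ x_j^2 = 1\rangle$, because its word problem is solved by a short stack reduction even when only some of the relations are known; the sample parameters $n = 4$, $t = 3$ and the bit string are constructed.

```python
from itertools import combinations

# Toy platform group (an assumption of this example, not from the book):
# G = <x_1,...,x_m ; x_1^2 = ... = x_m^2 = 1>, a free product of m copies of Z_2.
# Words are lists of nonzero ints, +j = x_j, -j = x_j^-1.

def reduce_word(word, known):
    """Normal form in <x_1,...,x_m ; x_j^2 = 1 for j in known>. A coalition that
    knows only some relations computes in this bigger group (fewer relations)."""
    stack = []
    for g in word:
        j = abs(g)
        if j in known:
            g = j                         # x_j^-1 = x_j once x_j^2 = 1 is available
        if stack and abs(stack[-1]) == j and (j in known or stack[-1] == -g):
            stack.pop()                   # x_j x_j (known) or x_j x_j^-1 cancels
        else:
            stack.append(g)
    return stack

def make_shares(n, t):
    """Step 2: enumerate the (t-1)-subsets A_1..A_m of {1..n}, m = C(n, t-1), and put
    relation r_j into share R_i iff i is not in A_j. Returns ({i: R_i}, m)."""
    A = list(combinations(range(1, n + 1), t - 1))
    shares = {i: {j + 1 for j, S in enumerate(A) if i not in S} for i in range(1, n + 1)}
    return shares, len(A)

def known_relations(shares, coalition):
    known = set()
    for i in coalition:
        known |= shares[i]
    return known

def threshold_property(n, t):
    """Every t-coalition holds all m relations; every (t-1)-coalition lacks at least one."""
    shares, m = make_shares(n, t)
    full = set(range(1, m + 1))
    if any(known_relations(shares, c) != full for c in combinations(shares, t)):
        return False
    return all(known_relations(shares, c) != full for c in combinations(shares, t - 1))

def encode_bits(bits, m):
    """Step 4 (dealer): w_i = 1 in G iff a_i = 1, and every w_i uses every relation."""
    palindrome = list(range(1, m + 1)) + list(range(m, 0, -1))  # x_1..x_m x_m..x_1 = 1 in G
    return [palindrome if a == 1 else palindrome + [1, 2] for a in bits]  # x_1 x_2 != 1 in G

def decode_bits(words, shares, coalition):
    """A coalition solves w_i = 1 in the presentation it can assemble from its shares."""
    known = known_relations(shares, coalition)
    return [1 if reduce_word(w, known) == [] else 0 for w in words]

def demo(n=4, t=3, bits=(1, 0, 1, 1)):
    shares, m = make_shares(n, t)                    # m = C(4, 2) = 6 relations
    words = encode_bits(bits, m)
    enough = decode_bits(words, shares, (1, 2, 3))   # t persons: correct
    too_few = decode_bits(words, shares, (1, 2))     # t-1 persons: a relation is missing
    return threshold_property(n, t), enough, too_few
```

With n = 4 and t = 3 the coalition {1, 2} is exactly $A_1$, so relation $r_1$ is absent from both of its shares; the letters $x_1x_1$ in the middle of each word then fail to cancel and every bit decodes as 0, which is the effect the text describes for fewer than t persons.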

Such a collection leads to a group presentation 

$$\bar{G} = \langle x_1, x_2, \dots, x_q;\ s_1 = \dots = s_p = 1\rangle$$

with $p < m$ and $\bar{G} \neq G$, where $w_i = 1$ in $\bar{G}$ is, in general, not equivalent to $w_i = 1$ in G. 

Notice that the secret sequence to be shared is not needed until the final step. It is 
possible for someone to distribute the sets $R_1,\dots,R_n$ and decide at a later time what the 
sequence $a_1,\dots,a_k$ would be. In that way the scheme can also be used so that t of the n 
persons can verify the authenticity of the message. In particular, the binary sequence in 
Step 4 may contain a predetermined subsequence (signature) along with the actual message. 
Then any t persons may check whether this predetermined sequence is contained 
in the encoded message and thus validate it. 

In the paper by Panagopoulos, see [96], he also describes some methods for attacking 
this scheme and makes some suggestions for possible group presentation types to use. 
Moldenhauer [90] proposed a modification of Panagopoulos' (t, n)-threshold scheme 
using Nielsen transformations. We need the following. 


Theorem 24.7.1. Let $T_1, T_2, \dots$ be a countable number of matrices of the form 

$$T_j = \begin{pmatrix} r_j & r_j^2 - 1 \\ 1 & r_j \end{pmatrix}$$

where the $r_j$ are integers and $r_{j+1} - r_j \geq 3$, $r_1 \geq 2$. Then $T_1, T_2, \dots$ form a basis of a free 
group of countable rank. 


Proof. The isometric circle of $T_j$ is given by $|z - r_j| = 1$ and that of $T_j^{-1}$ is given by $|z + r_j| = 1$. 
The respective isometric disks 

$$K(T_1), K(T_1^{-1}), K(T_2), K(T_2^{-1}), \dots$$

are pairwise disjoint because of the restriction on $r_j$. Let F be the group generated by 
$\{T_1, T_2, \dots\}$. Clearly, F is a subgroup of $SL(2,\mathbb{Z})$. Let $S_1 \cdots S_q$ be a reduced word in F. Each 
$S_i$ is a $T_j$ or $T_j^{-1}$. It may happen that $S_{i+1} = S_i$. Suppose P lies outside every isometric disk 
$K(T_j), K(T_j^{-1})$, $j = 1, 2, \dots$. Such a P exists because F is a subgroup of $SL(2,\mathbb{Z})$. Then 
$S_q(P)$ lies inside $K(S_q^{-1})$. Since $S_q(P)$ lies outside $K(S_{q-1})$, and this is true even if $S_{q-1} = S_q$, it is seen 
that $S_{q-1}S_q(P)$ is inside $K(S_{q-1}^{-1})$. We conclude that $Q = S_1 \cdots S_q(P)$ is inside $K(S_1^{-1})$. Hence, 
$S_1 \cdots S_q \neq 1 \ (= E_2)$. This shows that F is free on $\{T_1, T_2, \dots\}$. 


We now describe the modified (t, n)-threshold scheme. We write $N_{r_j}$ instead of $T_j$ 
and choose a large number m of the form $m = 2^n$, $n \geq 64$. This allows us to use the idea 
of linear congruence generators (modulo m) to get a stream cipher. The dealer performs 
the following to distribute the secret among n participants: 

1. Start with a set $(x_1, N_{r_1}), \dots, (x_m, N_{r_m})$, where $x_1,\dots,x_m$ are the generators of the free 
group $F(x_1,\dots,x_m)$ and $N_{r_1},\dots,N_{r_m}$ are matrices in $SL(2,\mathbb{Z})$ of the form 

$$N_{r_j} = \begin{pmatrix} r_j & -1 + r_j^2 \\ 1 & r_j \end{pmatrix}$$

satisfying $r_1 \geq 2$ and $r_{j+1} \geq r_j + 3$ (more generally, any free generating set for a free 
subgroup in $SL(2,\mathbb{Q})$). The secret is the rational number 

$$\sum_{i=1}^{m} \frac{1}{r_i}.$$

2. Apply a sequence of Nielsen transformations to the set of pairs above to obtain a 
new set 

$$(v_1, M_1), \dots, (v_m, M_m).$$

3. Distribute subsets in Panagopoulos' scheme. 

To recover the secret, perform the following: 

4. Take a union of their shares. In the case that t participants gather, they are able to 
recover the set $(v_1, M_1), \dots, (v_m, M_m)$. 

5. Apply a sequence of Nielsen transformations to the obtained set of pairs in order 
to Nielsen-reduce the first components and obtain the set $x_1,\dots,x_m$ in the first 
components. As a result, in the second components, we get the original matrices 
$N_{r_1},\dots,N_{r_m}$. Compute the sum $\sum_{i=1}^{m} \frac{1}{r_i}$. 
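Steps 1 to 5 of the modified scheme, as an added Python example (written for this edition, not Moldenhauer's implementation). It assumes three constructed values $r = (2, 5, 8)$, a short constructed sequence of Nielsen transformations on the dealer's side, and a greedy length-reducing Nielsen reduction on the participants' side, who do not know the dealer's sequence; the secret is read off as $\sum_i 1/r_i$ from the recovered matrices. The share distribution of Step 3 is not repeated here.

```python
from fractions import Fraction

# Free group words: lists of nonzero ints, +j = x_j, -j = x_j^-1 (encoding assumed here).

def free_reduce(w):
    out = []
    for g in w:
        if out and out[-1] == -g:
            out.pop()
        else:
            out.append(g)
    return out

def inv_word(w):
    return [-g for g in reversed(w)]

def mat_mul(P, Q):
    return ((P[0][0] * Q[0][0] + P[0][1] * Q[1][0], P[0][0] * Q[0][1] + P[0][1] * Q[1][1]),
            (P[1][0] * Q[0][0] + P[1][1] * Q[1][0], P[1][0] * Q[0][1] + P[1][1] * Q[1][1]))

def mat_inv(P):
    """Inverse of a determinant-1 integer matrix (stays integral)."""
    return ((P[1][1], -P[0][1]), (-P[1][0], P[0][0]))

def N(r):
    """The matrix N_r of Theorem 24.7.1; det = r^2 - (r^2 - 1) = 1."""
    return ((r, r * r - 1), (1, r))

def dealer_pairs(radii):
    """Step 1: the pairs (x_j, N_{r_j}); x_j is the one-letter word [j]."""
    return [([j + 1], N(r)) for j, r in enumerate(radii)]

def nielsen_step(pairs, i, j=None):
    """One Nielsen transformation applied to both components of pair i:
    j is None -> replace pair i by its inverse; else right-multiply pair i by pair j."""
    w, M = pairs[i]
    if j is None:
        pairs[i] = (inv_word(w), mat_inv(M))
    else:
        v, K = pairs[j]
        pairs[i] = (free_reduce(w + v), mat_mul(M, K))

def nielsen_reduce(pairs):
    """Step 5: greedy length reduction. Whenever w_i w_j^{+-1} is shorter than w_i,
    replace pair i by that product; the matrices follow along. Single-letter inverses
    are flipped back and the result is sorted by word."""
    pairs = list(pairs)
    changed = True
    while changed:
        changed = False
        for i in range(len(pairs)):
            for j in range(len(pairs)):
                if i == j:
                    continue
                for invert in (False, True):
                    v = inv_word(pairs[j][0]) if invert else pairs[j][0]
                    cand = free_reduce(pairs[i][0] + v)
                    if len(cand) < len(pairs[i][0]):
                        K = mat_inv(pairs[j][1]) if invert else pairs[j][1]
                        pairs[i] = (cand, mat_mul(pairs[i][1], K))
                        changed = True
    for i, (w, M) in enumerate(pairs):
        if w and w[0] < 0:
            pairs[i] = (inv_word(w), mat_inv(M))
    return sorted(pairs, key=lambda p: p[0])

def secret_from(pairs):
    """sum_i 1/r_i, read off the recovered matrices (r_i is the top-left entry of N_{r_i})."""
    return sum(Fraction(1, M[0][0]) for _, M in pairs)

RADII = (2, 5, 8)   # constructed sample with r_1 >= 2 and r_{j+1} >= r_j + 3

def demo():
    pairs = dealer_pairs(RADII)
    nielsen_step(pairs, 0, 1)     # (x1, N1) -> (x1 x2, N1 N2)          (Step 2)
    nielsen_step(pairs, 2, 0)     # (x3, N3) -> (x3 x1 x2, N3 N1 N2)
    nielsen_step(pairs, 1)        # (x2, N2) -> (x2^-1, N2^-1)
    recovered = nielsen_reduce(pairs)     # what t participants do with the reassembled set
    return recovered == dealer_pairs(RADII), secret_from(recovered)
```

Because every transformation is applied to the word and the matrix in lockstep, each $M_i$ always equals $v_i$ evaluated at $x_j \mapsto N_{r_j}$; that is why undoing the words by any length-reducing sequence also undoes the matrices.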

Kotov, Panteleev and Ushakov, see [87], analyzed this secret sharing protocol. They 
could reduce it to a system of polynomial equations over the free group $F(\{x_1,\dots,x_m\} \cup 
\{a_1,\dots,a_m\})$ where $x_i$ stands for an unknown matrix $N_{r_i}$ and $a_i$ stands for the matrix 
$M_i$. Replacing $x_i$ with an unknown matrix $N_{r_i}$ and $a_i$ with $M_i$ and performing matrix 
multiplication, we obtain a system of polynomial equations which can further be fed to 
any computer algebra system that can solve polynomial equations, for instance CoCoA. 

The solution of the systems provides the original matrices $M_1,\dots,M_m$. The attack 
reconstructs the original data generated by the dealer and does not depend on the function 
of $M_1,\dots,M_m$ used to calculate the shared secret. It seems unlikely that their attack 
is successful if $m > 2^{64}$. If so, for chosen matrices $N_{r_1},\dots,N_{r_m}$ we still may collect in each 
round m new matrices from the countably many and/or may use the stream cipher for 
a one-time pad. 

Moreover, increasing the length of the keys, that is, the number of Nielsen transformations, 
increases the sizes of the polynomials and seems to be a successful countermeasure against 
their attack. Another possibility to repel such attacks is to change the tactic and to work 
with more general matrices $N_{r_1}, N_{r_2}, \dots$ which form a free generating set of a free subgroup 
in $SL(k,\mathbb{R})$, $k \geq 2$. 


24.8 Ko-Lee and Anshel-Anshel-Goldfeld Protocols 


All of the non-Abelian group based protocols depend on the difficulty of solving certain 
group decision problems and group theoretical computational problems. Recall that the 
conjugacy problem, also called the decision conjugacy problem, for a group G, or more 
precisely for a group presentation for G, is the following: given $g, h \in G$, determine 
algorithmically if they are conjugate. 

The conjugacy problem is unsolvable in general, that is, there exist group presentations 
for which there does not exist an algorithm that solves the conjugacy problem. 
Hence a solution to the conjugacy problem is usually associated with a particular class 
of group presentations. For example, the conjugacy problem is solvable in free groups 
and in torsion-free hyperbolic groups. 

Relevant to the Ko–Lee protocol is the conjugator search problem. This is, given a 
group presentation for G and two elements $g_1, g_2$ in G that are known to be conjugate, 
to determine algorithmically a conjugator, that is, an element $h \in G$ with $g_2 = hg_1h^{-1}$. It 
is known, as with the decision conjugacy problem, that the conjugator search problem 
is undecidable in general. 


24.8.1 The Ko-Lee Protocol 


Ko, Lee et al., see [85], developed a public key exchange system that is a direct translation 
of the Diffie–Hellman protocol to a non-Abelian group theoretic setting. Its security is 
based on the difficulty of the conjugacy problem. We assume that the platform group 
has nice unique normal forms that are easy to compute for a given group element but 
from which it is hard to recover the individual group elements under group multiplication. 

Recall from Section 24.1 that by this we mean that if $G = \langle X; R\rangle$ is a finite presentation 
for the group G and $g \in G$ then there is a unique expression $NF_X(g)$, called a normal 
form, as a word in the generators X. Further, given any $g \in G$ it is computationally easy 
to find $NF_X(g)$. On the other hand, given $g_1, g_2 \in G$ and given the normal form $NF_X(g_1g_2)$, 
it is computationally difficult to recover $g_1$ and $g_2$. We say that there is good diffusion in 
terms of normal forms in forming products. 

In any group G and for $g, h \in G$ the notation $g^h$ indicates the conjugate of g by h, 
that is, $g^h = h^{-1}gh$. What is important for both the Ko–Lee and Anshel–Anshel–Goldfeld 
protocols is that relative to this notation, group conjugation behaves exactly as ordinary 
exponentiation. That is, for group elements $g, h_1, h_2 \in G$ we have $(g^{h_1})^{h_2} = g^{h_1h_2}$. That 
this is true is a straightforward computation: 

$$(g^{h_1})^{h_2} = h_2^{-1} g^{h_1} h_2 = h_2^{-1}h_1^{-1} g h_1 h_2 = (h_1h_2)^{-1} g (h_1h_2) = g^{h_1h_2}.$$


With this observation, the Ko-Lee protocol exactly mimics, using group conjuga- 
tion, the traditional Diffie-Hellman protocol. We first start with a platform group $G$ sat- 
isfying the necessary requirements on normal forms. We assume further that the plat- 
form group $G$ has a collection of large (noncyclic) subgroups that commute elementwise. 
That is, if $A, B$ are two of these subgroups and $a \in A$ and $b \in B$, then $ab = ba$. It is not 
necessary that the subgroups themselves be Abelian. 

Alice and Bob choose a pair of these commuting subgroups A and B of the platform 
group G. A is Alice’s subgroup while Bob’s subgroup is B and these are secret. By assump- 
tion each element of A commutes with each element of B. Further, it is not assumed that 
A and/or B are themselves Abelian. Now the method completely mimics the classical 
Diffie-Hellman technique. 
There is a public element $g \in G$. Alice chooses a random secret element $a \in A$ and 
makes public $g^a$, the conjugate of $g$ by $a$. 

Bob chooses a random secret element $b \in B$ and makes public $g^b$, the conjugate of $g$ 
by $b$. The secret shared key is $g^{ab}$. Notice that $ab = ba$ since the subgroups commute. It 
follows then that 

$$(g^a)^b = g^{ab} = g^{ba} = (g^b)^a,$$

just as if these were ordinary exponents. 

It follows, as in the number theoretic based Diffie-Hellman protocol, that both Bob 
and Alice can determine the common secret. Alice knows her secret key $a$ and Bob's 
public key $g^b$. Hence she knows $(g^b)^a = g^{ba}$. Bob knows his secret key $b$ and $g^a$ is public. 
Hence Bob knows $(g^a)^b = g^{ab}$. However, as explained, $g^{ab} = g^{ba}$. The difficulty for an 
eavesdropper lies in the decision conjugacy problem. 

It is known that both the decision conjugacy problem and the conjugator search 
problem are undecidable in general. However, there are groups where both are solvable 
but hard, that is, the problems are solvable but are not solvable in polynomial time. These 
groups then become the target platform groups for the Ko-Lee protocol. Ko and Lee 
in their initial work suggest the use of the braid groups. We will discuss braid group 
cryptography later in this chapter. 

We now summarize the formal setup for the Ko-Lee Key Exchange Protocol. After 
this we will show how to use the ElGamal method to construct a public key encryption 
system from this. 


24.8.1.1 Ko-Lee Preparation 

1. We start with a platform group G. We assume that G has a finite presentation with 
efficiently computable normal forms that have good diffusion. Further the group G 
must have a large collection of subgroups that commute elementwise. 

2. We choose an element $g \in G$. 

3. We assume that Alice wants to share a common key with Bob. Alice and Bob choose 
subgroups $A$ and $B$ that elementwise commute. $A$ is Alice's subgroup and $B$ is Bob's 
subgroup. These subgroups are kept secret and known only to Alice and Bob, re- 
spectively. 


Ko-Lee Key Exchange 

1. Alice randomly chooses an $a \in A$. This element $a$ will be her secret key. Her public 
key is $(g, g^a)$ where $g^a = a^{-1} g a$ is the conjugate of $g$ by her secret key $a$. All pub- 
lic information and communication is done in terms of the normal forms of these 
elements. 

2. Bob randomly chooses an element $b \in B$. This element $b$ will be his secret key. His 
public key is $(g, g^b)$ where $g^b = b^{-1} g b$ is the conjugate of $g$ by his secret key $b$. As 
with Alice, all public information and communication is done in terms of the normal 
forms of these elements. 

3. The secret shared key is $g^{ab}$. 


24.8.1.2 ElGamal Encryption Using the Ko-Lee Protocol 
As with the standard Diffie-Hellman key exchange protocol using number theory, the 
Ko-Lee protocol can be changed to an encryption system via the ElGamal method. There 
are several different variants of noncommutative ElGamal systems. At the simplest level 
we assume that we have a group $G$ appropriate for the Ko-Lee key exchange and that 
Alice and Bob want to communicate secretly. The element $g \in G$ is public and Alice and 
Bob, respectively, have chosen their appropriate commuting subgroups $A$ and $B$. Bob 
has made public $g^b$ for $b \in B$ in normal form and Alice has made public $g^a$ for $a \in A$, 
also in normal form. The secret shared key is then $g^{ab}$. We assume that Alice wants to 
send an encrypted message to Bob and further we assume that the message to be encrypted can be 
encoded as $h \in G$, that is, as an element of the group $G$. Alice then sends to Bob the normal 
form of $h g^{ab}$. Bob can determine the common shared secret $g^{ab}$. He then multiplies $h g^{ab}$ 
by $(g^{ab})^{-1}$ to obtain the secret $h$. 
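The Ko-Lee exchange and the ElGamal step above, as an added example that is not code from the book. The platform group is an assumption made for illustration only: the symmetric group $S_n$ on tuples, with Alice's and Bob's subgroups moving disjoint sets of points so that they commute elementwise; a permutation's tuple is its own normal form, so there is no diffusion and the example shows the algebra of the protocol rather than a secure instance.

```python
"""Ko-Lee key exchange, and ElGamal encryption on top of it, on a toy platform.
Added example, not code from the book.  Platform assumed for illustration: the
symmetric group S_n, a permutation stored as a tuple p with p[i] the image of i.
Alice's subgroup A moves only the points 0..k-1 and Bob's subgroup B only the
points k..n-1, so A and B commute elementwise.  The "normal form" of a permutation
is the tuple itself and has no diffusion, so this shows the algebra, not a secure instance."""
import random
from typing import Tuple

Perm = Tuple[int, ...]

def mul(p: Perm, q: Perm) -> Perm:
    """Product pq, read as 'apply p, then q'."""
    return tuple(q[p[i]] for i in range(len(p)))

def inv(p: Perm) -> Perm:
    r = [0] * len(p)
    for i, pi in enumerate(p):
        r[pi] = i
    return tuple(r)

def conj(g: Perm, h: Perm) -> Perm:
    """g^h = h^{-1} g h, the conjugate of g by h (the book's convention)."""
    return mul(mul(inv(h), g), h)

def random_subgroup_element(n: int, points: range, rng: random.Random) -> Perm:
    """Random permutation moving only `points`: a secret element of A or of B."""
    p, images = list(range(n)), list(points)
    rng.shuffle(images)
    for src, dst in zip(points, images):
        p[src] = dst
    return tuple(p)

def ko_lee_public(g: Perm, secret: Perm) -> Perm:
    return conj(g, secret)             # Alice publishes g^a, Bob publishes g^b

def ko_lee_shared(peer_public: Perm, secret: Perm) -> Perm:
    return conj(peer_public, secret)   # (g^b)^a = g^{ba} = g^{ab} = (g^a)^b

def elgamal_encrypt(h: Perm, shared: Perm) -> Perm:
    return mul(h, shared)              # Alice sends the normal form of h g^{ab}

def elgamal_decrypt(c: Perm, shared: Perm) -> Perm:
    return mul(c, inv(shared))         # Bob multiplies by (g^{ab})^{-1} on the right

if __name__ == "__main__":
    rng, n, k = random.Random(7), 8, 4
    g = tuple(rng.sample(range(n), n))                  # public element g
    a = random_subgroup_element(n, range(0, k), rng)    # Alice's secret a in A
    b = random_subgroup_element(n, range(k, n), rng)    # Bob's secret b in B
    key_alice = ko_lee_shared(ko_lee_public(g, b), a)
    key_bob = ko_lee_shared(ko_lee_public(g, a), b)
    h = tuple(rng.sample(range(n), n))                  # message encoded in G
    print(key_alice == key_bob, elgamal_decrypt(elgamal_encrypt(h, key_alice), key_bob) == h)
```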

As with the number theoretic based public key cryptosystems, the Ko—Lee method 
can be used to provide methods for other protocols, especially authentication and digital 
signature protocols. 


24.8.2 The Anshel-Anshel-Goldfeld Protocol 


We now describe another non-Abelian group-based public key exchange protocol. It is 
somewhat similar to the Ko-Lee protocol and was developed at approximately the same 
time. This is the Anshel-Anshel-Goldfeld public key exchange protocol. 

As in the Ko-Lee protocol we start with a group $G$ given by a finite presentation 
$G = \langle X; R \rangle$. We further assume as before that there are efficiently computable normal 
forms relative to the presentation $\langle X; R \rangle$. The Ko-Lee protocol required two large com- 
muting subgroups. For communication, the Anshel-Anshel-Goldfeld protocol requires 
a choice of subgroups of $G$, but they need not commute. While the difficulty of the deci- 
sion conjugacy problem provides the security for the Ko-Lee method, it is the difficulty 
of the conjugator search problem that provides the hard problem, and hence the secu- 
rity, in the Anshel-Anshel-Goldfeld protocol. 

Once we have our platform group $G$, we assume that Alice and Bob want to obtain 
a common shared secret or a common shared secret key. We assume that this secret key 
can be expressed as a group element $g \in G$. The first step is for Alice and Bob to choose 
random finitely generated subgroups of $G$ by giving a set of generators for each, 

$$A = \{a_1, \ldots, a_n\}, \quad B = \{b_1, \ldots, b_m\},$$

and make them public. The subgroup $A$ is Alice's subgroup while the subgroup $B$ is Bob's 
subgroup. 

Alice chooses a secret group word $a = w(a_1, \ldots, a_n)$ in her subgroup while Bob 
chooses a secret group word $b = v(b_1, \ldots, b_m)$ in his subgroup. As before, for an ele- 
ment $g \in G$ we denote by $NF_X(g)$ the normal form for $g$. Alice knows her secret word $a$ 
and knows the generators $b_i$ of Bob's subgroup. She can then form the conjugates of the 
generators of Bob's subgroup $B$ by her secret element $a \in A$. That is, she can compute 
$b_i^a = a^{-1} b_i a$ for each $b_i$. She then makes public the normal forms of these conjugates 

$$NF_X(b_i^a), \quad i = 1, \ldots, m.$$


Bob does the analogous thing. He knows his secret word $b$ and the generators $a_i$, 
$i = 1, \ldots, n$, of Alice's subgroup $A$ and hence can compute the conjugates $a_i^b = b^{-1} a_i b$ for 
$i = 1, \ldots, n$. He then makes public the normal forms of the conjugates 

$$NF_X(a_i^b), \quad i = 1, \ldots, n.$$


The common shared secret is the commutator 

$$[a, b] = a^{-1} b^{-1} a b = a^{-1} a^b = (b^a)^{-1} b.$$

Notice that this is known to both Alice and Bob. Alice knows $a^b = b^{-1} a b$ since she 
knows $a$ in terms of the generators $a_i$ of her subgroup and she knows the conjugates $a_i^b$ 
of these generators by $b$, since Bob has made the conjugates of the generators of $A$ by $b$ 
public. That is, Alice knows $a = w(a_1, \ldots, a_n)$ and 
$a^b = b^{-1} a b = w(b^{-1} a_1 b, \ldots, b^{-1} a_n b) = w(a_1^b, \ldots, a_n^b)$. Since 
Alice knows $a^b$, she knows 

$$[a, b] = a^{-1} b^{-1} a b = a^{-1} a^b.$$


In an analogous manner Bob knows $[a, b] = (b^a)^{-1} b$, since he knows his secret el- 
ement $b$ in terms of the generators $b_j$, $j = 1, \ldots, m$, of his subgroup $B$ and Alice has 
made public the conjugates of each of his generators by her secret element $a$. Hence 
$b = v(b_1, \ldots, b_m)$ so that $b^a = v(b_1^a, \ldots, b_m^a)$ and this is known to Bob. Since Bob knows $b^a$ 
and $b$, he knows 

$$[a, b] = a^{-1} b^{-1} a b = (a^{-1} b^{-1} a) b = (b^a)^{-1} b.$$


Notice that in this system there is no requirement that the chosen subgroups A and 
B commute. 

An attacker would have to know the corresponding conjugator, that is, the element 
that conjugates each of the generators; this is the conjugator search problem: Given 
elements $g, h$ in a group $G$, where it is known that $g^k = k^{-1} g k = h$, determine the conju- 
gator $k$. It is known that this problem is undecidable in general, that is, there are groups 
where the conjugator cannot be determined algorithmically. On the other hand, there 
are groups where the conjugator search problem is solvable but difficult, that is, the 
complexity of solving the conjugator search problem is hard. Such groups become the 
ideal platform groups for the Anshel-Anshel-Goldfeld protocol. 

The security in this system is then in the computational difficulty of the conjuga- 
tor search problem. Anshel, Anshel, Goldfeld suggested, as did Ko, Lee et al., the braid 
groups, $B_n$, as potential platforms. The braid groups are a class of infinite, finitely pre- 
sented groups that arise in many different contexts. The braid group $B_n$ has a standard 
presentation with $n - 1$ generators. 

The necessary parameters that must be decided in using the braid groups as plat- 
forms for either the Ko-Lee protocol or the Anshel-Anshel-Goldfeld protocol are then 
the number of generators of the braid groups used and the number of generators for 
the chosen subgroups. For example $B_{200}$, the braid group on 200 strands, with 12 or more 
generators in the chosen subgroups might be used. It has been shown that the larger 
the number of strands, the harder it is to attack the protocol. The suggested use of the 
braid groups by both Anshel, Anshel and Goldfeld and Ko and Lee led to the develop- 
ment of braid group cryptography. There have been various attacks on the braid group 
cryptosystems. 

We now summarize the formal setup for the Anshel-Anshel-Goldfeld Key Exchange 
Protocol. After this we will show how to use the ElGamal method to construct a public 
key encryption system from this. 


24.8.2.1 Anshel-Anshel-Goldfeld Preparation 

1. We start with a platform group G. We assume that G has a finite presentation with 
efficiently computable normal forms that have good diffusion. Further, there is a 
large collection of efficiently computable subgroups. 

2. We assume that Alice wants to share a common key with Bob. Alice and Bob choose 
random finitely generated subgroups of $G$ by giving a set of generators for each, 

$$A = \{a_1, \ldots, a_n\}, \quad B = \{b_1, \ldots, b_m\}$$

and make them public. The subgroup $A$ is Alice's subgroup while the subgroup $B$ is 
Bob's subgroup. 


24.8.2.2 Anshel-Anshel-Goldfeld Key Exchange 

1. Alice chooses a secret group word $a = w(a_1, \ldots, a_n)$ in her subgroup. Alice knows 
her secret word $a$ and knows the generators $b_i$ of Bob's subgroup. She can then form 
the conjugates of the generators of Bob's subgroup $B$ by her secret element $a \in A$. 
That is, she can compute $b_i^a = a^{-1} b_i a$ for each $b_i$. She then makes public the normal 
forms of these conjugates 

$$NF_X(b_i^a), \quad i = 1, \ldots, m.$$

2. Bob chooses a secret group word $b = v(b_1, \ldots, b_m)$ in his subgroup. Bob knows his 
secret word $b$ and knows the generators $a_i$ of Alice's subgroup. He can then form 
the conjugates of the generators of Alice's subgroup $A$ by his secret element $b \in B$. 
That is, he can compute $a_i^b = b^{-1} a_i b$ for each $a_i$. He then makes public the normal 
forms of these conjugates 

$$NF_X(a_i^b), \quad i = 1, \ldots, n.$$

3. The secret shared key is the commutator 

$$[a, b] = a^{-1} b^{-1} a b = a^{-1} a^b = (b^a)^{-1} b.$$

24.8.2.3 ElGamal Encryption using the Anshel-Anshel-Goldfeld Protocol 

As with all public key exchange protocols, the Anshel-Anshel-Goldfeld key exchange 
can be developed into a cryptosystem by the ElGamal method. This works essentially 
in the same manner as for the Ko-Lee protocol. We assume that we have a group $G$ 
appropriate for the Anshel-Anshel-Goldfeld key exchange and that Alice and Bob want 
to communicate secretly. 

Alice and Bob, respectively, have chosen their appropriate subgroups $A$ and $B$ whose 
generators have been made public. Bob has made public the conjugates of the generators 
of $A$ by his secret element $b \in B$ in normal form and Alice has made public the conjugates 
of the generators of $B$ by her secret element $a \in A$, also in normal form. The secret shared 
key is then the commutator $[a, b]$. 

We assume that Alice wants to send an encrypted message to Bob, and further we 
assume that the message to be encrypted can be encoded as $h \in G$, that is, as an element of 
the group $G$. Alice then sends to Bob the normal form of $h[a, b]$. Bob can determine the 
common shared key $[a, b]$. He then multiplies $h[a, b]$ by $[a, b]^{-1}$ to obtain the secret $h$. 
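The Anshel-Anshel-Goldfeld exchange of Sections 24.8.2.1 and 24.8.2.2, as an added example that is not code from the book. The platform is again an assumption for illustration only (the symmetric group $S_n$ on tuples, whose trivial normal form has no diffusion); secret words are lists of (generator index, exponent) pairs, and each party evaluates its own word in the conjugated generators the other party published, arriving at the commutator $[a, b]$ from the two sides shown in the text.

```python
"""Anshel-Anshel-Goldfeld key exchange on a toy platform group.  Added example, not
code from the book.  Platform assumed for illustration: the symmetric group S_n,
permutations as tuples with p[i] the image of i; its trivial normal form has no
diffusion, so only the algebra is shown.  Unlike Ko-Lee, A and B need not commute."""
from typing import List, Tuple

Perm = Tuple[int, ...]
Word = List[Tuple[int, int]]   # (generator index, exponent +1 or -1)

def mul(p: Perm, q: Perm) -> Perm:
    """Product pq, read as 'apply p, then q'."""
    return tuple(q[p[i]] for i in range(len(p)))

def inv(p: Perm) -> Perm:
    r = [0] * len(p)
    for i, pi in enumerate(p):
        r[pi] = i
    return tuple(r)

def conj(g: Perm, h: Perm) -> Perm:
    """g^h = h^{-1} g h (the book's convention)."""
    return mul(mul(inv(h), g), h)

def evaluate(w: Word, gens: List[Perm]) -> Perm:
    """Evaluate the group word w in the given generators (or their conjugates)."""
    out = tuple(range(len(gens[0])))
    for i, e in w:
        out = mul(out, gens[i] if e == 1 else inv(gens[i]))
    return out

def commutator(a: Perm, b: Perm) -> Perm:
    return mul(mul(inv(a), inv(b)), mul(a, b))   # [a, b] = a^{-1} b^{-1} a b

def publish_conjugates(peer_gens: List[Perm], secret: Perm) -> List[Perm]:
    """Normal forms of the other party's generators conjugated by one's secret."""
    return [conj(x, secret) for x in peer_gens]

def alice_key(a_word: Word, a_gens: List[Perm], a_gens_conj_b: List[Perm]) -> Perm:
    """Alice: a^b = w(a_1^b, ..., a_n^b) from Bob's publication; key = a^{-1} a^b."""
    a, a_b = evaluate(a_word, a_gens), evaluate(a_word, a_gens_conj_b)
    return mul(inv(a), a_b)

def bob_key(b_word: Word, b_gens: List[Perm], b_gens_conj_a: List[Perm]) -> Perm:
    """Bob: b^a = v(b_1^a, ..., b_m^a) from Alice's publication; key = (b^a)^{-1} b."""
    b, b_a = evaluate(b_word, b_gens), evaluate(b_word, b_gens_conj_a)
    return mul(inv(b_a), b)

if __name__ == "__main__":
    A = [(1, 0, 2, 3, 4), (0, 2, 1, 3, 4)]   # constructed public generators (0 1), (1 2)
    B = [(0, 1, 3, 2, 4), (0, 1, 2, 4, 3)]   # constructed public generators (2 3), (3 4)
    a_word, b_word = [(0, 1), (1, 1)], [(1, 1), (0, -1)]   # a = a1 a2, b = b2 b1^{-1}
    a, b = evaluate(a_word, A), evaluate(b_word, B)
    ka = alice_key(a_word, A, publish_conjugates(A, b))   # Bob published a_i^b
    kb = bob_key(b_word, B, publish_conjugates(B, a))     # Alice published b_j^a
    print(ka == kb == commutator(a, b), mul(a, b) != mul(b, a))
```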


Exercises 


1. Bob has a backup authentication security system as described in Section 24.5. His 
basic words are w, = x; _X3X3”, W) = X?X3, and w3 = x3x?x>"x3. The bank sends him 
w= yiy3yy. What must the group randomizer send back? 

2. Let $M = PSL(2, \mathbb{Z})$ be the modular group. Let $A = \{a, b, c, d, e, f, g\}$ be a 7-letter 
plaintext alphabet. Choose a free subgroup of the modular group to encrypt these. 
(a) Using your basic encryption and message units of size 3, what would be the 
encryption matrices for the message abbdceffgcba? 
(b) Using your basic encryption and the algorithm given in Problem 1, what is the 
plaintext message for (83) and (37)? 

3. The following protocol is based on the factorization search problem, which is: Given 
two subgroups $A, B$ of a group $G$ and $w \in G$, to find $a \in A$, $b \in B$ with $w = ab$. This 
protocol is described in [93]. For this problem you must show and explain that the 
protocol works. 

The requirements for the protocol are as follows: a public group and two public 
subgroups $A, B$ that commute elementwise. Alice randomly chooses two private el- 
ements $a_1 \in A$ and $b_1 \in B$ and sends $a_1 b_1$ to Bob. Bob does the same, choosing $a_2 \in A$ 
and $b_2 \in B$, and sends $a_2 b_2$ to Alice. 

The common shared secret is $K = a_1 a_2 b_1 b_2$. 

4. Prove Epstein's theorem: Given a random finitely generated subgroup of $GL(n, \mathbb{R})$, 
with probability 1 it is a free group. The probability is standard measure on $\mathbb{R}^{n^2}$. 
Hint: Given a finite set of matrices in $GL(n, \mathbb{R})$, think what a relation between them 
would mean algebraically on the coefficients and where this would place the matri- 
ces topologically. 

5. Let $G = H_1 * \cdots * H_n$ with $n \geq 2$ be the free product of finitely many nontrivial 
groups. Suppose that $|H_1| \geq 3$ if $n = 2$. Show that $G$ has the strong generic free group 
property. 

6. Let $G$ be a group and $N$ be a normal subgroup. Show: If the quotient $G/N$ satisfies 
the strong generic free group property then $G$ also satisfies the strong generic free 
group property. 

7. Show that a group with a generating set $X$ is an epimorphic image of $F(X)$. Moreover, 
every map $X \to G$ with $G$ a group can be extended to a unique homomorphism 
$f\colon F(X) \to G$. 

8. Let $F$ be a free group on $\{x_1, \ldots, x_n\}$. Show that each conjugation $x_i \mapsto g x_i g^{-1}$ with 
$g \in F$ can be written as a sequence of elementary Nielsen transformations. 

9. Let $F$ be a free group on $\{x_1, \ldots, x_n\}$. Show that the automorphism group $\mathrm{Aut}(F)$ is 
generated by the elementary Nielsen transformations (N1) and (N2). 

10. Let $PB_n$ stand for the pure braid group, $n \geq 3$. Using the Reidemeister-Schreier 
method, show that this group has a presentation with generators 

$$A_{ij} = \sigma_{j-1} \sigma_{j-2} \cdots \sigma_{i+1} \sigma_i^2 \sigma_{i+1}^{-1} \cdots \sigma_{j-2}^{-1} \sigma_{j-1}^{-1},$$

where $1 \leq i < j \leq n$, and relations 

$$A_{rs} A_{ij} A_{rs}^{-1} = \begin{cases} A_{ij} & \text{if } s < i \text{ or } j < r, \\ A_{is}^{-1} A_{ij} A_{is} & \text{if } i < j = r < s, \\ A_{ij}^{-1} A_{ir}^{-1} A_{ij} A_{ir} A_{ij} & \text{if } i < r < j = s, \\ A_{is}^{-1} A_{ir}^{-1} A_{is} A_{ir} A_{ij} A_{ir}^{-1} A_{is}^{-1} A_{ir} A_{is} & \text{if } i < r < j < s. \end{cases}$$


11. Show that the pure braid group $PB_3$ is isomorphic to the direct product $F_2 \times \mathbb{Z}$. 

12. Let $F_n$ be the free group of rank $n$ on the free generating system $X = \{x_1, \ldots, x_n\}$ 
and let $\beta \in \mathrm{Aut}(F_n)$. Show that $\beta \in B_n$ if and only if $\beta$ satisfies the following two 
conditions: 

(1) $\beta(x_i)$ is conjugate to another generator. 

(2) $\beta(x_1 \cdots x_n) = x_1 \cdots x_n$. 
13. Let $G$ be $B_{20}$, the braid group on 19 generators $\sigma_1, \ldots, \sigma_{19}$. Let $A$ be the subgroup 
generated by o,,...,0,; and B the subgroup generated by o4g, .. . ; Oyo. 
Let g = 070103 '05"049, @ = 67030,, and b = Gy7Ojg. 047. 
(a) What is the secret shared key using the Ko-Lee protocol? 
(b) What is the secret shared key using the Anshel-Anshel-Goldfeld protocol? 